From Mageia wiki

MGASA-2013-0018

Date: January 24th, 2013
Affected releases: 2


Description:
Updated java-1.7.0-openjdk packages fix security vulnerabilities:

Two improper permission check issues were discovered in the reflection
API in OpenJDK. An untrusted Java application or applet could use these
flaws to bypass Java sandbox restrictions (CVE-2012-3174, CVE-2013-0422).

IcedTea7 has been updated to version 2.3.4 to fix these security issues.


Updated Packages:
i586:
java-1.7.0-openjdk-1.7.0.6-2.3.4.1.mga2.i586.rpm
java-1.7.0-openjdk-demo-1.7.0.6-2.3.4.1.mga2.i586.rpm
java-1.7.0-openjdk-devel-1.7.0.6-2.3.4.1.mga2.i586.rpm
java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.4.1.mga2.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.6-2.3.4.1.mga2.i586.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.6-2.3.4.1.mga2.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.6-2.3.4.1.mga2.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.6-2.3.4.1.mga2.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.4.1.mga2.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.6-2.3.4.1.mga2.x86_64.rpm
java-1.7.0-openjdk-debug-1.7.0.6-2.3.4.1.mga2.x86_64.rpm

SRPMS:
java-1.7.0-openjdk-1.7.0.6-2.3.4.1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422
http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
https://rhn.redhat.com/errata/RHSA-2013-0165.html
https://bugs.mageia.org/show_bug.cgi?id=8728