From Mageia wiki
Jump to: navigation, search

MGASA-2013-0038

Date: February 6th, 2013
Affected releases: 2
Media: Core


Description:
Updated java-1.6.0-openjdk packages fix security vulnerabilities:

RMI data sanitization (CVE-2013-0424).

Add logging context (CVE-2013-0425).

Find log level matching its name or value given at construction time
(CVE-2013-0426).

Improve thread pool shutdown (CVE-2013-0427).

Improving CORBA internals (CVE-2013-0429).

Improve clipboard access (CVE-2013-0432).

Better validation of client keys (CVE-2013-0443).

Better Checking of order of TLS Messages (CVE-2013-0440).

Issue in toolkit thread (CVE-2013-0442).

(proxy) Reflect about creating reflective proxies (CVE-2013-0428).

Change modifiers on unused fields (CVE-2013-0441).

Better handling of UI elements (CVE-2013-0435).

InetSocketAddress serialization issue (CVE-2013-0433).

Contextualize RequiredModelMBean class (CVE-2013-0450).

Improve IIOP type reuse management (CVE-2013-1475).

Restrict access to class constructor (CVE-2013-1476).

Improve JAXP HTTP handling (CVE-2013-0434).

Improve image processing (CVE-2013-1478).

Improve management of images (CVE-2013-1480).

This updates IcedTea6 to version 1.11.6, which fixes these issues,
as well as several others.


Updated Packages:
i586:
java-1.6.0-openjdk-1.6.0.0-36.b24.1.mga2.i586.rpm
java-1.6.0-openjdk-demo-1.6.0.0-36.b24.1.mga2.i586.rpm
java-1.6.0-openjdk-devel-1.6.0.0-36.b24.1.mga2.i586.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-36.b24.1.mga2.noarch.rpm
java-1.6.0-openjdk-src-1.6.0.0-36.b24.1.mga2.noarch.rpm
java-1.6.0-openjdk-debug-1.6.0.0-36.b24.1.mga2.i586.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-36.b24.1.mga2.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-36.b24.1.mga2.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-36.b24.1.mga2.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-36.b24.1.mga2.noarch.rpm
java-1.6.0-openjdk-src-1.6.0.0-36.b24.1.mga2.noarch.rpm
java-1.6.0-openjdk-debug-1.6.0.0-36.b24.1.mga2.x86_64.rpm

SRPMS:
java-1.6.0-openjdk-1.6.0.0-36.b24.1.mga2.src.rpm


References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0424
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0425
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0426
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0427
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0428
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0429
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0432
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0433
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0434
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0435
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0440
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0441
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0442
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0450
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1475
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1476
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1478
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1480
http://blog.fuseyism.com/index.php/2013/02/03/security-icedtea6-1-11-6-released/
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
https://bugs.mageia.org/show_bug.cgi?id=8976

Retrieved from "https://wiki.mageia.org/mw-en/index.php?title=Support/Advisories/MGASA-2013-0038&oldid=14018"