From Mageia wiki

MGASA-2013-0084

Date: March 3rd, 2013
Affected releases: 2
Media: Core


Description:
Updated java-1.7.0-openjdk packages fix security vulnerabilities:

Multiple improper permission check issues were discovered in the JMX and
Libraries components in OpenJDK. An untrusted Java application or applet
could use these flaws to bypass Java sandbox restrictions (CVE-2013-1486,
CVE-2013-1484).

An improper permission check issue was discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
this flaw to bypass certain Java sandbox restrictions (CVE-2013-1485).

It was discovered that OpenJDK leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle
(CVE-2013-0169).


Updated Packages:
i586:
java-1.7.0-openjdk-1.7.0.6-2.3.7.1.mga2.i586.rpm
java-1.7.0-openjdk-demo-1.7.0.6-2.3.7.1.mga2.i586.rpm
java-1.7.0-openjdk-devel-1.7.0.6-2.3.7.1.mga2.i586.rpm
java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.7.1.mga2.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.6-2.3.7.1.mga2.i586.rpm
java-1.7.0-openjdk-debug-1.7.0.6-2.3.7.1.mga2.i586.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.6-2.3.7.1.mga2.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.6-2.3.7.1.mga2.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.6-2.3.7.1.mga2.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.7.1.mga2.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.6-2.3.7.1.mga2.x86_64.rpm
java-1.7.0-openjdk-debug-1.7.0.6-2.3.7.1.mga2.x86_64.rpm

SRPMS:
java-1.7.0-openjdk-1.7.0.6-2.3.7.1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1486
http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/
https://rhn.redhat.com/errata/RHSA-2013-0275.html
https://bugs.mageia.org/show_bug.cgi?id=9139