Описание
ELSA-2013-0602: java-1.7.0-openjdk security update (CRITICAL)
[1.7.0.9-2.3.8.0.0.1.el6_4]
- Update DISTRO_NAME in specfile
[1.7.0.9-2.3.8.0el6]
- Revert to rhel 6.3 version of spec file
- Revert to icedtea7 2.3.8 forest
- Resolves: rhbz#917183
[1.7.0.11-2.4.0.pre5.el6]
- Update to latest snapshot of icedtea7 2.4 forest
- Resolves: rhbz#917183
[1.7.0.9-2.4.0.pre4.3.el6]
- Updated to icedtea 2.4.0.pre4,
- Rewritten (again) patch3 java-1.7.0-openjdk-java-access-bridge-security.patch
- Resolves: rhbz#911530
[1.7.0.9-2.4.0.pre3.3.el6]
- Updated to icedtea 2.4.0.pre3, updated!
- Rewritten patch3 java-1.7.0-openjdk-java-access-bridge-security.patch
- Resolves: rhbz#911530
[1.7.0.9-2.4.0.pre2.3.el6]
- Removed testing
- mauve was outdated and
- jtreg was icedtea relict
- Updated to icedtea 2.4.0.pre2, updated?
- Added java -Xshare:dump to post (see 513605) fo jitarchs
- Resolves: rhbz#911530
[1.7.0.11-2.4.0.2.el6]
- Unapplied but kept (for 2.3revert) patch110, java-1.7.0-openjdk-nss-icedtea-e9c857dcb964.patch
- Added and applied patch113: java-1.7.0-openjdk-aes-update_reset.patch
- Added and applied patch114: java-1.7.0-openjdk-nss-tck.patch
- Added and applied patch115: java-1.7.0-openjdk-nss-split_results.patch
- NSS enabled by default - enable_nss set to 1
- rewritten patch109 - java-1.7.0-openjdk-nss-config-1.patch
- rewritten patch111 - java-1.7.0-openjdk-nss-config-2.patch
- Resolves: rhbz#831734
[1.7.0.11-2.4.0.1.el6]
- Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch
- Added jxmd and idlj to alternatives
- make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true
- Unapplied patch302 and deleted systemtap.patch
- buildver increased to 11
- icedtea_version set to 2.4.0
- Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch
- removed tmp-patches source tarball
- Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar
- Disabled nss - enable_nss set to 0
- Resolves: rhbz#895034
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
java-1.7.0-openjdk
1.7.0.9-2.3.8.0.0.1.el6_4
java-1.7.0-openjdk-demo
1.7.0.9-2.3.8.0.0.1.el6_4
java-1.7.0-openjdk-devel
1.7.0.9-2.3.8.0.0.1.el6_4
java-1.7.0-openjdk-javadoc
1.7.0.9-2.3.8.0.0.1.el6_4
java-1.7.0-openjdk-src
1.7.0.9-2.3.8.0.0.1.el6_4
Oracle Linux i686
java-1.7.0-openjdk
1.7.0.9-2.3.8.0.0.1.el6_4
java-1.7.0-openjdk-demo
1.7.0.9-2.3.8.0.0.1.el6_4
java-1.7.0-openjdk-devel
1.7.0.9-2.3.8.0.0.1.el6_4
java-1.7.0-openjdk-javadoc
1.7.0.9-2.3.8.0.0.1.el6_4
java-1.7.0-openjdk-src
1.7.0.9-2.3.8.0.0.1.el6_4
Связанные CVE
Связанные уязвимости
ELSA-2013-0605: java-1.6.0-openjdk security update (CRITICAL)
ELSA-2013-0604: java-1.6.0-openjdk security update (IMPORTANT)
ELSA-2013-0603: java-1.7.0-openjdk security update (IMPORTANT)
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.