Description
ELSA-2013-0752: java-1.7.0-openjdk security update (IMPORTANT)
[1.7.0.19-2.3.9.1.0.1.el5_9]
- Add oracle-enterprise.patch
- Fix DISTRO_NAME to "Enterprise Linux"
[1.7.0.19-2.3.9.1.el5]
- updated to updated IcedTea 2.3.9 with fix to one of security fixes
- fixed font glyph offset
- Resolves: rhbz#950376
[1.7.0.19-2.3.9.0.el5]
- updated to IcedTea 2.3.9 with latest security patches
- buildver sync to b19
- rewritten java-1.7.0-openjdk-java-access-bridge-security.patch
- Resolves: rhbz#950376
[1.7.0.9-2.3.8.1.el5]
- Added some of the latest Fedora spec bugfixes
- Bumped release
- zlib in BuildReq restricted for 1.2.3-7 or higher
- see https://bugzilla.redhat.com/show_bug.cgi?id=904231
- Removed a -icedtea tag from the version
- package have less and less connections to icedtea7
- Added gcc-c++ build dependence. Sometimes caused troubles during rpm -bb
- Added (Build)Requires for fontconfig and xorg-x11-fonts-Type1
- see https://bugzilla.redhat.com/show_bug.cgi?id=721033 for details
- logging.properties marked as config(noreplace)
- see https://bugzilla.redhat.com/show_bug.cgi?id=679180 for details
- nss.cfg was marked as config(noreplace)
- slaves sync with el6
- Resolves: rhbz#950376
Updated packages
Oracle Linux 5
Oracle Linux x86_64
java-1.7.0-openjdk          1.7.0.19-2.3.9.1.0.1.el5_9
java-1.7.0-openjdk-demo     1.7.0.19-2.3.9.1.0.1.el5_9
java-1.7.0-openjdk-devel    1.7.0.19-2.3.9.1.0.1.el5_9
java-1.7.0-openjdk-javadoc  1.7.0.19-2.3.9.1.0.1.el5_9
java-1.7.0-openjdk-src      1.7.0.19-2.3.9.1.0.1.el5_9
Oracle Linux i386
java-1.7.0-openjdk          1.7.0.19-2.3.9.1.0.1.el5_9
java-1.7.0-openjdk-demo     1.7.0.19-2.3.9.1.0.1.el5_9
java-1.7.0-openjdk-devel    1.7.0.19-2.3.9.1.0.1.el5_9
java-1.7.0-openjdk-javadoc  1.7.0.19-2.3.9.1.0.1.el5_9
java-1.7.0-openjdk-src      1.7.0.19-2.3.9.1.0.1.el5_9
Source references
Related vulnerabilities
ELSA-2013-0751: java-1.7.0-openjdk security update (CRITICAL)
ELSA-2013-0770: java-1.6.0-openjdk security update (IMPORTANT)
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions.