[security-announce] SUSE-SU-2013:1254-1: important: Security update for java-1_7_0-openjdk


SUSE Security Update: Security update for java-1_7_0-openjdk

______________________________________________________________________________

 

Announcement ID:    SUSE-SU-2013:1254-1
Rating:             important
References:         #828665
Cross-References:   CVE-2013-1500 CVE-2013-1571 CVE-2013-2407
                    CVE-2013-2412 CVE-2013-2443 CVE-2013-2444
                    CVE-2013-2445 CVE-2013-2446 CVE-2013-2447
                    CVE-2013-2448 CVE-2013-2449 CVE-2013-2450
                    CVE-2013-2451 CVE-2013-2452 CVE-2013-2453
                    CVE-2013-2454 CVE-2013-2455 CVE-2013-2456
                    CVE-2013-2457 CVE-2013-2458 CVE-2013-2459
                    CVE-2013-2460 CVE-2013-2461 CVE-2013-2463
                    CVE-2013-2465 CVE-2013-2469 CVE-2013-2470
                    CVE-2013-2471 CVE-2013-2472 CVE-2013-2473
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP3

______________________________________________________________________________

 

An update that fixes 30 vulnerabilities is now available.

 

Description:

This update to icedtea-2.4.1 fixes various security issues:

* S6741606, CVE-2013-2407: Integrate Apache Santuario
* S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
* S7170730, CVE-2013-2451: Improve Windows network stack support.
* S8000638, CVE-2013-2450: Improve deserialization
* S8000642, CVE-2013-2446: Better handling of objects for transportation
* S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
* S8001034, CVE-2013-1500: Memory management improvements
* S8001038, CVE-2013-2444: Resourcefully handle resources
* S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
* S8001330, CVE-2013-2443: Improve on checking order (non-Zero builds only)
* S8003703, CVE-2013-2412: Update RMI connection dialog box
* S8004288, CVE-2013-2449: (fs) Files.probeContentType problems
* S8006328, CVE-2013-2448: Improve robustness of sound classes
* S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
* S8008120, CVE-2013-2457: Improve JMX class checking
* S8008124, CVE-2013-2453: Better compliance testing
* S8008132, CVE-2013-2456: Better serialization support
* S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
* S8009057, CVE-2013-2448: Improve MIDI event handling
* S8009071, CVE-2013-2459: Improve shape handling
* S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change
* S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields
* S8010209, CVE-2013-2460: Better provision of factories
* S8011243, CVE-2013-2470: Improve ImagingLib
* S8011248, CVE-2013-2471: Better Component Rasters
* S8011253, CVE-2013-2472: Better Short Component Rasters
* S8011257, CVE-2013-2473: Better Byte Component Rasters
* S8012375, CVE-2013-1571: Improve Javadoc framing
* S8012438, CVE-2013-2463: Better image validation
* S8012597, CVE-2013-2465: Better image channel verification
* S8012601, CVE-2013-2469: Better validation of image layouts
* S8014281, CVE-2013-2461: Better checking of XML signature

 

Security Issue references:

* CVE-2013-2407
* CVE-2013-2445
* CVE-2013-2451
* CVE-2013-2450
* CVE-2013-2446
* CVE-2013-2452
* CVE-2013-1500
* CVE-2013-2444
* CVE-2013-2447
* CVE-2013-2443
* CVE-2013-2412
* CVE-2013-2449
* CVE-2013-2448
* CVE-2013-2455
* CVE-2013-2457
* CVE-2013-2453
* CVE-2013-2456
* CVE-2013-2459
* CVE-2013-2458
* CVE-2013-2454
* CVE-2013-2460
* CVE-2013-2470
* CVE-2013-2471
* CVE-2013-2472
* CVE-2013-2473
* CVE-2013-1571
* CVE-2013-2463
* CVE-2013-2465
* CVE-2013-2469
* CVE-2013-2461

 

 

 

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11 SP3:

  zypper in -t patch sledsp3-java-1_7_0-openjdk-8090

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

  java-1_7_0-openjdk-1.7.0.6-0.19.2
  java-1_7_0-openjdk-demo-1.7.0.6-0.19.2
  java-1_7_0-openjdk-devel-1.7.0.6-0.19.2

 

 

References:

http://support.novell.com/security/cve/CVE-2013-1500.html
http://support.novell.com/security/cve/CVE-2013-1571.html
http://support.novell.com/security/cve/CVE-2013-2407.html
http://support.novell.com/security/cve/CVE-2013-2412.html
http://support.novell.com/security/cve/CVE-2013-2443.html
http://support.novell.com/security/cve/CVE-2013-2444.html
http://support.novell.com/security/cve/CVE-2013-2445.html
http://support.novell.com/security/cve/CVE-2013-2446.html
http://support.novell.com/security/cve/CVE-2013-2447.html
http://support.novell.com/security/cve/CVE-2013-2448.html
http://support.novell.com/security/cve/CVE-2013-2449.html
http://support.novell.com/security/cve/CVE-2013-2450.html
http://support.novell.com/security/cve/CVE-2013-2451.html
http://support.novell.com/security/cve/CVE-2013-2452.html
http://support.novell.com/security/cve/CVE-2013-2453.html
http://support.novell.com/security/cve/CVE-2013-2454.html
http://support.novell.com/security/cve/CVE-2013-2455.html
http://support.novell.com/security/cve/CVE-2013-2456.html
http://support.novell.com/security/cve/CVE-2013-2457.html
http://support.novell.com/security/cve/CVE-2013-2458.html
http://support.novell.com/security/cve/CVE-2013-2459.html
http://support.novell.com/security/cve/CVE-2013-2460.html
http://support.novell.com/security/cve/CVE-2013-2461.html
http://support.novell.com/security/cve/CVE-2013-2463.html
http://support.novell.com/security/cve/CVE-2013-2465.html
http://support.novell.com/security/cve/CVE-2013-2469.html
http://support.novell.com/security/cve/CVE-2013-2470.html
http://support.novell.com/security/cve/CVE-2013-2471.html
http://support.novell.com/security/cve/CVE-2013-2472.html
http://support.novell.com/security/cve/CVE-2013-2473.html
https://bugzilla.novell.com/828665
http://download.novell.com/patch/finder/?keywords=562c8781d83d70fa81f9b3c9c3f93137

 
