LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

openSUSE alert openSUSE-SU-2012:1175-1 (java-1_6_0-openjdk)



From:
    	      opensuse-security@opensuse.org 


To:
    	      opensuse-security-announce@opensuse.org 


Subject:
    	      [security-announce] openSUSE-SU-2012:1175-1: critical: java-1_6_0-openjdk: icedtea-web update to 1.11.4 (bnc#)  


Date:
    	      Fri, 14 Sep 2012 14:13:53 +0200 (CEST)


Message-ID:
    	      <20120914121353.57EA53225C@maintenance.suse.de>


Archive-link:
    	      Article, Thread
              


   openSUSE Security Update: java-1_6_0-openjdk: icedtea-web update to 1.11.4 (bnc#) 
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:1175-1
Rating:             critical
References:         #777499 
Cross-References:   CVE-2012-0547 CVE-2012-1682
Affected Products:
                    openSUSE 12.1
                    openSUSE 11.4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   The icedtea-web Java plugin was updated to 1.11.4 to fix
   critical security issues:

   * Security fixes
   - S7162476, CVE-2012-1682: XMLDecoder security issue via
   ClassFinder
   - S7163201, CVE-2012-0547: Simplify toolkit internals
   references
   * OpenJDK
   - S7182135: Impossible to use some editors directly
   - S7185678:
   java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java
   failed with NPE


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2012-601

   - openSUSE 11.4:

      zypper in -t patch openSUSE-2012-601

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.1 (i586 x86_64):

      java-1_6_0-openjdk-1.6.0.0_b24.1.11.4-12.1
      java-1_6_0-openjdk-debuginfo-1.6.0.0_b24.1.11.4-12.1
      java-1_6_0-openjdk-debugsource-1.6.0.0_b24.1.11.4-12.1
      java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.4-12.1
      java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b24.1.11.4-12.1
      java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.4-12.1
      java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b24.1.11.4-12.1
      java-1_6_0-openjdk-javadoc-1.6.0.0_b24.1.11.4-12.1
      java-1_6_0-openjdk-src-1.6.0.0_b24.1.11.4-12.1

   - openSUSE 11.4 (i586 x86_64):

      java-1_6_0-openjdk-1.6.0.0_b24.1.11.4-0.17.1
      java-1_6_0-openjdk-debuginfo-1.6.0.0_b24.1.11.4-0.17.1
      java-1_6_0-openjdk-debugsource-1.6.0.0_b24.1.11.4-0.17.1
      java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.4-0.17.1
      java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b24.1.11.4-0.17.1
      java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.4-0.17.1
      java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b24.1.11.4-0.17.1
      java-1_6_0-openjdk-javadoc-1.6.0.0_b24.1.11.4-0.17.1
      java-1_6_0-openjdk-src-1.6.0.0_b24.1.11.4-0.17.1


References:

   http://support.novell.com/security/cve/CVE-2012-0547.html

   http://support.novell.com/security/cve/CVE-2012-1682.html

   https://bugzilla.novell.com/777499


-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds