LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mageia alert MGASA-2013-0084 (java-1.7.0-openjdk)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2013-0084:
 java-1.7.0-openjdk-1.7.0.6-2.3.7.1.mga2 (2/core) 


Date:
    	      Sun, 3 Mar 2013 01:09:50 +0100


Message-ID:
    	      <20130303000950.GA18633@valstar.mageia.org>


Archive-link:
    	      Article, Thread
              


MGASA-2013-0084
Date: 	March 3rd, 2013
Affected releases: 	2
Media: 	Core


Description:
Updated java-1.7.0-openjdk packages fix security vulnerabilities:

Multiple improper permission check issues were discovered in the JMX and
Libraries components in OpenJDK. An untrusted Java application or applet
could use these flaws to bypass Java sandbox restrictions (CVE-2013-1486,
CVE-2013-1484).

An improper permission check issue was discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
this flaw to bypass certain Java sandbox restrictions (CVE-2013-1485).

It was discovered that OpenJDK leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle
(CVE-2013-0169).


Updated Packages:
i586:
java-1.7.0-openjdk-1.7.0.6-2.3.7.1.mga2.i586.rpm
java-1.7.0-openjdk-demo-1.7.0.6-2.3.7.1.mga2.i586.rpm
java-1.7.0-openjdk-devel-1.7.0.6-2.3.7.1.mga2.i586.rpm
java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.7.1.mga2.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.6-2.3.7.1.mga2.i586.rpm
java-1.7.0-openjdk-debug-1.7.0.6-2.3.7.1.mga2.i586.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.6-2.3.7.1.mga2.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.6-2.3.7.1.mga2.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.6-2.3.7.1.mga2.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.7.1.mga2.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.6-2.3.7.1.mga2.x86_64.rpm
java-1.7.0-openjdk-debug-1.7.0.6-2.3.7.1.mga2.x86_64.rpm

SRPMS:
java-1.7.0-openjdk-1.7.0.6-2.3.7.1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1486
http://blog.fuseyism.com/index.php/2013/02/20/security-ic...
https://rhn.redhat.com/errata/RHSA-2013-0275.html
https://bugs.mageia.org/show_bug.cgi?id=9139
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds