Fedora alert FEDORA-2012-13131 (java-1.7.0-openjdk)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.6-2.3.1.fc17.2 | |
| Date: | Mon, 03 Sep 2012 22:53:20 +0000 | |
| Message-ID: | <20120903225322.0D6F621434@bastion01.phx2.fedoraproject.org> | |
| Archive‑link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2012-13131 2012-09-01 23:47:21 -------------------------------------------------------------------------------- Name : java-1.7.0-openjdk Product : Fedora 17 Version : 1.7.0.6 Release : 2.3.1.fc17.2 URL : http://openjdk.java.net/ Summary : OpenJDK Runtime Environment Description : The OpenJDK runtime environment. -------------------------------------------------------------------------------- Update Information: This update is fixing recent important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. (CVE-2012-4681) http://blog.fuseyism.com/index.php/2012/08/31/security-ic... -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 30 2012 jiri Vanek <jvanek@redhat.com> - 1.7.0.6-2.3.1.fc17.2 - Sync with rawhide - Updated to IcedTea-Forest 2.3.1 - Resolves rhbz#RH852051, CVE-2012-4681: Reintroduce PackageAccessible checks removed in 6788531. - Commented out Patch500, java-1.7.0-openjdk-removing_jvisualvm_man.patch as as already included in this Iced-Tea. - Will be nice to verify after next upstream sync if it is still upstreamed - Add symlink to Fedora's default soundfont rhbz#541466 * Wed Aug 22 2012 Jiri Vanek <jvanek@redhat.com> - 1.7.0.6-2.3.fc17.2 - ALT_STRIP_POLICY replaced by STRIP_POLICY * Mon Aug 20 2012 jiri Vanek <jvanek@redhat.com> - 1.7.0.6-2.3.fc17.1 - Updated to latest IcedTea7-forest-2.3 - Current build is u6 - Added Patch500, java-1.7.0-openjdk-removing_jvisualvm_man.patch to remove jvisualvm manpages from processing * Mon Jul 9 2012 Deepak Bhole <dbhole@redhat.com> - 1.7.0.5-2.2.1.fc17.9 - Added support to build older (2.1.1/u3/hs22) version on non-jit (secondary) arches * Wed Jun 13 2012 jiri Vanek <jvanek@redhat.com> - 1.7.0.3-2.2.1fc17.8 - Fixed broken provides sections * Mon Jun 11 2012 jiri Vanek <jvanek@redhat.com> - 1.7.0.3-2.2.1fc17.7 - Used newly prepared tarball with security fixes - Bump to icedtea7-forest-2.2.1 - _mandir/man1/jcmd-name.1 added to alternatives - Updated rhino.patch - Modified partially upstreamed patch302 - systemtap.patch - Temporarly disabled patch102 - java-1.7.0-openjdk-size_t.patch - Removed already upstreamed patches 104,107,108,301 - java-1.7.0-openjdk-arm-ftbfs.patch - java-1.7.0-openjdk-system-zlib.patch - java-1.7.0-openjdk-remove-mimpure-opt.patch - systemtap-alloc-size-workaround.patch - patch 105 (java-1.7.0-openjdk-ppc-zero-jdk.patch) have become 104 - patch 106 (java-1.7.0-openjdk-ppc-zero-hotspot.patch) have become 105 - Added build requires zip, which was untill now dependence of dependence - Access gnome brridge jar forced to be 644 * Fri May 25 2012 Deepak Bhole <dbhole@redhat.com> - 1.7.0.3-2.1.fc17.7 - Miscellaneous fixes brought in from RHEL branch - Resolves: rhbz#825255: Added ALT_STRIP_POLICY so that debug info is not stripped -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update java-1.7.0-openjdk' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...