Date:         Tue, 4 Sep 2012 11:33:37 -0500
Reply-To:     Pat Riehecky 
Sender:       Security Errata for Scientific Linux
              
From:         Pat Riehecky 
Organization: Fermilab
Subject:      Security ERRATA Important: java-1.7.0-openjdk on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis:          Important: java-1.7.0-openjdk security update
Issue Date:        2012-09-03
CVE Numbers:       CVE-2012-1682
                    CVE-2012-0547
                    CVE-2012-4681
                    CVE-2012-3136

These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple improper permission check issues were discovered in the Beans
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2012-4681,
CVE-2012-1682, CVE-2012-3136)

A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

SL6
   x86_64
     java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
     java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
     java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
     java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
   i386
     java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.i686.rpm
     java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
     java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.i686.rpm
     java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.i686.rpm
   noarch
     java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.3.noarch.rpm

- Scientific Linux Development Team