SUSE Security Update: Security update for java-1_6_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0814-1
Rating:             important
References:         #817157 
Cross-References:   CVE-2013-0401 CVE-2013-1488 CVE-2013-1518
                    CVE-2013-1537 CVE-2013-1557 CVE-2013-1569
                    CVE-2013-2383 CVE-2013-2384 CVE-2013-2415
                    CVE-2013-2417 CVE-2013-2419 CVE-2013-2420
                    CVE-2013-2421 CVE-2013-2422 CVE-2013-2424
                    CVE-2013-2426 CVE-2013-2429 CVE-2013-2430
                    CVE-2013-2431
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that fixes 19 vulnerabilities is now available.

Description:


   java-1_6_0-openjdk has been updated to version
   Icedtea6-1.12.5 which fixes  several security issues.


   Security fixes

   * S6657673, CVE-2013-1518: Issues with JAXP
   * S7200507: Refactor Introspector internals
   * S8000724, CVE-2013-2417: Improve networking
   serialization
   * S8001031, CVE-2013-2419: Better font processing
   * S8001040, CVE-2013-1537: Rework RMI model
   * S8001322: Refactor deserialization
   * S8001329, CVE-2013-1557: Augment RMI logging
   * S8003335: Better handling of Finalizer thread
   * S8003445: Adjust JAX-WS to focus on API
   * S8003543, CVE-2013-2415: Improve processing of MTOM
   attachments
   * S8004261: Improve input validation
   * S8004336, CVE-2013-2431: Better handling of method
   handle intrinsic frames
   * S8004986, CVE-2013-2383: Better handling of glyph
   table
   * S8004987, CVE-2013-2384: Improve font layout
   * S8004994, CVE-2013-1569: Improve checking of glyph
   table
   * S8005432: Update access to JAX-WS
   * S8005943: (process) Improved Runtime.exec
   * S8006309: More reliable control panel operation
   * S8006435, CVE-2013-2424: Improvements in JMX
   * S8006790: Improve checking for windows
   * S8006795: Improve font warning messages
   * S8007406: Improve accessibility of AccessBridge
   * S8007617, CVE-2013-2420: Better validation of images
   * S8007667, CVE-2013-2430: Better image reading
   * S8007918, CVE-2013-2429: Better image writing
   * S8009063, CVE-2013-2426: Improve reliability of
   ConcurrentHashMap
   * S8009305, CVE-2013-0401: Improve AWT data transfer
   * S8009699, CVE-2013-2421: Methodhandle lookup
   * S8009814, CVE-2013-1488: Better driver management
   * S8009857, CVE-2013-2422: Problem with plugin
   * RH952389: Temporary files created with insecure
   permissions


   Backports

   * S7197906: BlockOffsetArray::power_to_cards_back()
   needs to handle > 32 bit shifts
   * S7036559: ConcurrentHashMap footprint and contention
   improvements
   * S5102804: Memory leak in
   Introspector.getBeanInfo(Class) for custom BeanInfo: Class
   param (with WeakCache from S6397609)
   * S6501644: sync LayoutEngine code structure to match
   ICU
   * S6886358: layout code update
   * S6963811: Deadlock-prone locking changes in
   Introspector
   * S7017324: Kerning crash in JDK 7 since ICU layout
   update
   * S7064279: Introspector.getBeanInfo() should release
   some resources in timely manner
   * S8004302: javax/xml/soap/Test7013971.java fails since
   jdk6u39b01
   * S7133220: Additional patches to JAXP 1.4.5 update 1
   for 7u4 (partial for S6657673)
   * S8009530: ICU Kern table support broken


   Bug fixes

   * OJ3: Fix get_stack_bounds memory leak (alternate fix
   for S7197906)
   * PR1362: Fedora 19 / rawhide FTBFS SIGILL
   * PR1338: Remove dependence on libXp
   * PR1339: Simplify the rhino class rewriter to avoid
   use of concurrency
   * PR1336: Bootstrap failure on Fedora 17/18
   * PR1319: Correct #ifdef to #if
   * PR1402: Support glibc < 2.17 with AArch64 patch
   * Give xalan/xerces access to their own internal
   packages.


   New features

   * JAXP, JAXWS & JAF supplied as patches rather than
   drops to aid subsequent patching.
   * PR1380: Add AArch64 support to Zero

   Security Issue references:

   * CVE-2013-1518
   
   * CVE-2013-2417
   
   * CVE-2013-2419
   
   * CVE-2013-1537
   
   * CVE-2013-1557
   
   * CVE-2013-2415
   
   * CVE-2013-2431
   
   * CVE-2013-2383
   
   * CVE-2013-2384
   
   * CVE-2013-1569
   
   * CVE-2013-2424
   
   * CVE-2013-2420
   
   * CVE-2013-2430
   
   * CVE-2013-2429
   
   * CVE-2013-2426
   
   * CVE-2013-0401
   
   * CVE-2013-2421
   
   * CVE-2013-1488
   
   * CVE-2013-2422
   


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-java-1_6_0-openjdk-7718

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      java-1_6_0-openjdk-1.6.0.0_b27.1.12.5-0.2.1
      java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.5-0.2.1
      java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.5-0.2.1


References:

   https://www.suse.com/security/cve/CVE-2013-0401.html
   https://www.suse.com/security/cve/CVE-2013-1488.html
   https://www.suse.com/security/cve/CVE-2013-1518.html
   https://www.suse.com/security/cve/CVE-2013-1537.html
   https://www.suse.com/security/cve/CVE-2013-1557.html
   https://www.suse.com/security/cve/CVE-2013-1569.html
   https://www.suse.com/security/cve/CVE-2013-2383.html
   https://www.suse.com/security/cve/CVE-2013-2384.html
   https://www.suse.com/security/cve/CVE-2013-2415.html
   https://www.suse.com/security/cve/CVE-2013-2417.html
   https://www.suse.com/security/cve/CVE-2013-2419.html
   https://www.suse.com/security/cve/CVE-2013-2420.html
   https://www.suse.com/security/cve/CVE-2013-2421.html
   https://www.suse.com/security/cve/CVE-2013-2422.html
   https://www.suse.com/security/cve/CVE-2013-2424.html
   https://www.suse.com/security/cve/CVE-2013-2426.html
   https://www.suse.com/security/cve/CVE-2013-2429.html
   https://www.suse.com/security/cve/CVE-2013-2430.html
   https://www.suse.com/security/cve/CVE-2013-2431.html
   https://bugzilla.novell.com/817157
   https://login.microfocus.com/nidp/app/login

SuSE: 2013:0814-1: important: java-1_6_0-openjdk

May 21, 2013
An update that fixes 19 vulnerabilities is now available

Summary

java-1_6_0-openjdk has been updated to version Icedtea6-1.12.5 which fixes several security issues. Security fixes * S6657673, CVE-2013-1518: Issues with JAXP * S7200507: Refactor Introspector internals * S8000724, CVE-2013-2417: Improve networking serialization * S8001031, CVE-2013-2419: Better font processing * S8001040, CVE-2013-1537: Rework RMI model * S8001322: Refactor deserialization * S8001329, CVE-2013-1557: Augment RMI logging * S8003335: Better handling of Finalizer thread * S8003445: Adjust JAX-WS to focus on API * S8003543, CVE-2013-2415: Improve processing of MTOM attachments * S8004261: Improve input validation * S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames * S8004986, CVE-2013-2383: Better handling of glyph table * S8004987, CVE-2013-2384: Improve font layout * S8004994, CVE-2013-1569: Improve checking of glyph table * S8005432: Update access to JAX-WS * S8005943: (process) Improved Runtime.exec * S8006309: More reliable control panel operation * S8006435, CVE-2013-2424: Improvements in JMX * S8006790: Improve checking for windows * S8006795: Improve font warning messages * S8007406: Improve accessibility of AccessBridge * S8007617, CVE-2013-2420: Better validation of images * S8007667, CVE-2013-2430: Better image reading * S8007918, CVE-2013-2429: Better image writing * S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap * S8009305, CVE-2013-0401: Improve AWT data transfer * S8009699, CVE-2013-2421: Methodhandle lookup * S8009814, CVE-2013-1488: Better driver management * S8009857, CVE-2013-2422: Problem with plugin * RH952389: Temporary files created with insecure permissions Backports * S7197906: BlockOffsetArray::power_to_cards_back() needs to handle > 32 bit shifts * S7036559: ConcurrentHashMap footprint and contention improvements * S5102804: Memory leak in Introspector.getBeanInfo(Class) for custom BeanInfo: Class param (with WeakCache from S6397609) * S6501644: sync LayoutEngine code structure to match ICU * S6886358: layout code update * S6963811: Deadlock-prone locking changes in Introspector * S7017324: Kerning crash in JDK 7 since ICU layout update * S7064279: Introspector.getBeanInfo() should release some resources in timely manner * S8004302: javax/xml/soap/Test7013971.java fails since jdk6u39b01 * S7133220: Additional patches to JAXP 1.4.5 update 1 for 7u4 (partial for S6657673) * S8009530: ICU Kern table support broken Bug fixes * OJ3: Fix get_stack_bounds memory leak (alternate fix for S7197906) * PR1362: Fedora 19 / rawhide FTBFS SIGILL * PR1338: Remove dependence on libXp * PR1339: Simplify the rhino class rewriter to avoid use of concurrency * PR1336: Bootstrap failure on Fedora 17/18 * PR1319: Correct #ifdef to #if * PR1402: Support glibc < 2.17 with AArch64 patch * Give xalan/xerces access to their own internal packages. New features * JAXP, JAXWS & JAF supplied as patches rather than drops to aid subsequent patching. * PR1380: Add AArch64 support to Zero Security Issue references: * CVE-2013-1518 * CVE-2013-2417 * CVE-2013-2419 * CVE-2013-1537 * CVE-2013-1557 * CVE-2013-2415 * CVE-2013-2431 * CVE-2013-2383 * CVE-2013-2384 * CVE-2013-1569 * CVE-2013-2424 * CVE-2013-2420 * CVE-2013-2430 * CVE-2013-2429 * CVE-2013-2426 * CVE-2013-0401 * CVE-2013-2421 * CVE-2013-1488 * CVE-2013-2422 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-java-1_6_0-openjdk-7718 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b27.1.12.5-0.2.1 java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.5-0.2.1 java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.5-0.2.1

References

#817157

Cross- CVE-2013-0401 CVE-2013-1488 CVE-2013-1518

CVE-2013-1537 CVE-2013-1557 CVE-2013-1569

CVE-2013-2383 CVE-2013-2384 CVE-2013-2415

CVE-2013-2417 CVE-2013-2419 CVE-2013-2420

CVE-2013-2421 CVE-2013-2422 CVE-2013-2424

CVE-2013-2426 CVE-2013-2429 CVE-2013-2430

CVE-2013-2431

Affected Products:

SUSE Linux Enterprise Desktop 11 SP2

https://www.suse.com/security/cve/CVE-2013-0401.html

https://www.suse.com/security/cve/CVE-2013-1488.html

https://www.suse.com/security/cve/CVE-2013-1518.html

https://www.suse.com/security/cve/CVE-2013-1537.html

https://www.suse.com/security/cve/CVE-2013-1557.html

https://www.suse.com/security/cve/CVE-2013-1569.html

https://www.suse.com/security/cve/CVE-2013-2383.html

https://www.suse.com/security/cve/CVE-2013-2384.html

https://www.suse.com/security/cve/CVE-2013-2415.html

https://www.suse.com/security/cve/CVE-2013-2417.html

https://www.suse.com/security/cve/CVE-2013-2419.html

https://www.suse.com/security/cve/CVE-2013-2420.html

https://www.suse.com/security/cve/CVE-2013-2421.html

https://www.suse.com/security/cve/CVE-2013-2422.html

https://www.suse.com/security/cve/CVE-2013-2424.html

https://www.suse.com/security/cve/CVE-2013-2426.html

https://www.suse.com/security/cve/CVE-2013-2429.html

https://www.suse.com/security/cve/CVE-2013-2430.html

https://www.suse.com/security/cve/CVE-2013-2431.html

https://bugzilla.novell.com/817157

https://login.microfocus.com/nidp/app/login

Severity
Announcement ID: SUSE-SU-2013:0814-1
Rating: important

Related News

Google Chrome 129: Addressing Crucial Vulnerabilities and Enhancing Security
2 - 4 min read
Google Chrome remains the crown jewel in the browser market, with an impressive user base of approximately 3.45 billion. However, this immense
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved