- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202006-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: OpenJDK, IcedTea: Multiple vulnerabilities
     Date: June 15, 2020
     Bugs: #718720, #720690
       ID: 202006-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in OpenJDK and IcedTea, the worst of which could result in the arbitrary execution of code.

Background
==========

OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition.

IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /   Vulnerable   /          Unaffected
    -------------------------------------------------------------------
  1  dev-java/openjdk-bin           < 8.252_p09           >= 8.252_p09
  2  dev-java/openjdk-jre-bin       < 8.252_p09           >= 8.252_p09
  3  dev-java/icedtea-bin           < 3.16.0              >= 3.16.0
    -------------------------------------------------------------------
     3 affected packages

Description
===========

Multiple vulnerabilities have been discovered in OpenJDK and IcedTea. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenJDK binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.252_p09"

All OpenJDK JRE binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/openjdk-jre-bin-8.252_p09"

All IcedTea binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.16.0"

References
==========

[ 1 ] CVE-2020-2585
      https://nvd.nist.gov/vuln/detail/CVE-2020-2585
[ 2 ] CVE-2020-2755
      https://nvd.nist.gov/vuln/detail/CVE-2020-2755
[ 3 ] CVE-2020-2756
      https://nvd.nist.gov/vuln/detail/CVE-2020-2756
[ 4 ] CVE-2020-2757
      https://nvd.nist.gov/vuln/detail/CVE-2020-2757
[ 5 ] CVE-2020-2773
      https://nvd.nist.gov/vuln/detail/CVE-2020-2773
[ 6 ] CVE-2020-2781
      https://nvd.nist.gov/vuln/detail/CVE-2020-2781
[ 7 ] CVE-2020-2800
      https://nvd.nist.gov/vuln/detail/CVE-2020-2800
[ 8 ] CVE-2020-2803
      https://nvd.nist.gov/vuln/detail/CVE-2020-2803
[ 9 ] CVE-2020-2805
      https://nvd.nist.gov/vuln/detail/CVE-2020-2805
[ 10 ] CVE-2020-2830
       https://nvd.nist.gov/vuln/detail/CVE-2020-2830

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202006-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201709-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Oracle JDK/JRE, IcedTea: Multiple vulnerabilities
     Date: September 24, 2017
     Bugs: #625602, #626088, #627682
       ID: 201709-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites, and IcedTea, the worst of which may allow execution of arbitrary code.

Background
==========

Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications require.

IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /   Vulnerable   /          Unaffected
    -------------------------------------------------------------------
  1  dev-java/oracle-jdk-bin        < 1.8.0.141           >= 1.8.0.141
  2  dev-java/oracle-jre-bin        < 1.8.0.141           >= 1.8.0.141
  3  dev-java/icedtea-bin           < 3.5.0:8            *>= 3.5.0:8
                                    < 7.2.6.11:7         *>= 7.2.6.11:7
    -------------------------------------------------------------------
     3 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Oracle’s JRE, JDK and IcedTea. Please review the referenced CVE identifiers for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or gain access to information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle JDK binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.141"

All Oracle JRE binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.141"

All IcedTea binary 7.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-7.2.6.11"

All IcedTea binary 3.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.5.0"

References
==========

[ 1 ] CVE-2017-10053
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10053
[ 2 ] CVE-2017-10067
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10067
[ 3 ] CVE-2017-10074
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10074
[ 4 ] CVE-2017-10078
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10078
[ 5 ] CVE-2017-10081
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10081
[ 6 ] CVE-2017-10086
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10086
[ 7 ] CVE-2017-10087
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10087
[ 8 ] CVE-2017-10089
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10089
[ 9 ] CVE-2017-10090
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10090
[ 10 ] CVE-2017-10096
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10096
[ 11 ] CVE-2017-10101
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10101
[ 12 ] CVE-2017-10102
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10102
[ 13 ] CVE-2017-10105
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10105
[ 14 ] CVE-2017-10107
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10107
[ 15 ] CVE-2017-10108
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10108
[ 16 ] CVE-2017-10109
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10109
[ 17 ] CVE-2017-10110
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10110
[ 18 ] CVE-2017-10111
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10111
[ 19 ] CVE-2017-10114
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10114
[ 20 ] CVE-2017-10115
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10115
[ 21 ] CVE-2017-10116
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10116
[ 22 ] CVE-2017-10117
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10117
[ 23 ] CVE-2017-10118
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10118
[ 24 ] CVE-2017-10121
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10121
[ 25 ] CVE-2017-10125
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10125
[ 26 ] CVE-2017-10135
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10135
[ 27 ] CVE-2017-10176
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10176
[ 28 ] CVE-2017-10193
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10193
[ 29 ] CVE-2017-10198
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10198
[ 30 ] CVE-2017-10243
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10243

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201709-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201707-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: IcedTea: Multiple vulnerabilities
     Date: July 05, 2017
     Bugs: #607676, #609562, #618874, #619458
       ID: 201707-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in IcedTea, the worst of which may allow execution of arbitrary code.

Background
==========

IcedTea's aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /   Vulnerable   /          Unaffected
    -------------------------------------------------------------------
  1  dev-java/icedtea-bin           < 3.4.0               >= 3.4.0
                                    < 7.2.6.10            >= 7.2.6.10

Description
===========

Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers referenced below for details.

Note: If the web browser plug-in provided by the dev-java/icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

Impact
======

A remote attacker could possibly execute arbitrary code with the privileges of the process, gain access to information, or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All IcedTea binary 7.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/icedtea-bin-7.2.6.10:7"

All IcedTea binary 3.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.4.0:8"

References
==========

[ 1 ] CVE-2016-2183
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183
[ 2 ] CVE-2016-5546
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5546
[ 3 ] CVE-2016-5547
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5547
[ 4 ] CVE-2016-5548
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5548
[ 5 ] CVE-2016-5549
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5549
[ 6 ] CVE-2016-5552
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5552
[ 7 ] CVE-2017-3231
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3231
[ 8 ] CVE-2017-3241
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3241
[ 9 ] CVE-2017-3252
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3252
[ 10 ] CVE-2017-3253
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3253
[ 11 ] CVE-2017-3260
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3260
[ 12 ] CVE-2017-3261
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3261
[ 13 ] CVE-2017-3272
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3272
[ 14 ] CVE-2017-3289
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3289
[ 15 ] CVE-2017-3509
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3509
[ 16 ] CVE-2017-3511
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3511
[ 17 ] CVE-2017-3512
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3512
[ 18 ] CVE-2017-3514
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3514
[ 19 ] CVE-2017-3526
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3526
[ 20 ] CVE-2017-3533
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3533
[ 21 ] CVE-2017-3539
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3539
[ 22 ] CVE-2017-3544
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3544

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201707-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201606-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: IcedTea: Multiple vulnerabilities
     Date: June 27, 2016
     Bugs: #578300, #578788, #581028, #581238
       ID: 201606-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in IcedTea allowing remote attackers to affect confidentiality, integrity, and availability through various vectors.

Background
==========

IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /   Vulnerable   /          Unaffected
    -------------------------------------------------------------------
  1  dev-java/icedtea-bin           < 7.2.6.6-r1         *>= 3.0.1
                                                          >= 7.2.6.6-r1

Description
===========

Various OpenJDK attack vectors exist in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, which allow remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and Java applets. Please review the CVE identifiers referenced below for details.

Impact
======

Remote attackers may execute arbitrary code, compromise information, or cause Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

Gentoo Security is no longer supporting dev-java/icedtea, as it has been officially dropped from the stable tree.

Users of the IcedTea 3.x binary package should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.0.1"

Users of the IcedTea 7.x binary package should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-7.2.6.6"

References
==========

[ 1 ] CVE-2016-0636
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0636
[ 2 ] CVE-2016-0686
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0686
[ 3 ] CVE-2016-0687
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0687
[ 4 ] CVE-2016-0695
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0695
[ 5 ] CVE-2016-3422
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3422
[ 6 ] CVE-2016-3425
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3425
[ 7 ] CVE-2016-3427
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3427
[ 8 ] CVE-2016-3443
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3443
[ 9 ] CVE-2016-3449
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3449

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201606-18

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

Oracle Linux Security Advisory ELSA-2016-0778

https://linux.oracle.com/errata/ELSA-2016-0778.html

The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network:

i386:
icedtea-web-1.6.2-1.el6.i686.rpm
icedtea-web-javadoc-1.6.2-1.el6.noarch.rpm

x86_64:
icedtea-web-1.6.2-1.el6.x86_64.rpm
icedtea-web-javadoc-1.6.2-1.el6.noarch.rpm

SRPMS:
https://oss.oracle.com:443/ol6/SRPMS-updates/icedtea-web-1.6.2-1.el6.src.rpm

Description of changes:

[1.6.2-1]
- updated to 1.6.2
- fixed also rhbz#1303437 - package owns /etc/bash_completion.d but it should not own it
- Resolves: rhbz#1275523

[1.6.1-4]
- updated to 1.6.1
- Resolves: rhbz#1275523

CentOS Security Update CESA-2019-1234 addresses vulnerabilities in the openssl components that have been patched to enhance system safety.

LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-6397
2015-04-18 05:44:42
--------------------------------------------------------------------------------

Name        : java-1.7.0-openjdk
Product     : Fedora 20
Version     : 1.7.0.79
Release     : 2.5.5.0.fc20
URL         : https://openjdk.org/
Summary     : OpenJDK Runtime Environment
Description :

The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

Updated to security icedtea-forest7 2.5.5
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 10 2015 Jiri Vanek - 1:1.7.0.75-2.5.5.0
- repacked sources
* Thu Apr 9 2015 Jiri Vanek - 1:1.7.0.75-2.5.5.0
- Bump to 2.5.5 using OpenJDK 7u79 b14.
- Update OpenJDK tarball creation comments
- Drop AArch64 version of RH1191652 HotSpot patch as included upstream.
- added Patch406: fixPtraceInclude.patch, Patch404: rh1191652-hotspot.patch Patch405: rh1191652-jdk.patch
* Wed Jan 21 2015 Jiri Vanek - 1:1.7.0.75-2.5.4.2
- Updated to security update of 20.1.2015
- Replace unmodified java.security file via headless post scriptlet.
- Fix macro expansion in changelog
- Fix elliptic curve list as part of fsg.sh
- Bump release so that the RHEL 7.1 version is built on AArch64.
- Bump to 2.5.4 using OpenJDK 7u75 b13.
- Bump AArch64 port to 2.6.0pre17.
- Fix abrt_friendly_hs_log_jdk7.patch to apply again and enable on all archs.
- Remove OpenJDK 8 / AArch64 version of PStack patch as this is no longer needed.
* Tue Dec 16 2014 Jiri Vanek - 1:1.7.0.71-2.5.3.3
- aarch64 sources updated to most recent stable tag
- adapted patch4030 PStack-808293-aarch64.patch
* Tue Dec 9 2014 Jiri Vanek - 1:1.7.0.71-2.5.3.2
- added and applied patch404 rh1155012-jdk-speedup.patch
* Mon Dec 1 2014 Jiri Vanek - 1:1.7.0.71-2.5.3.1
- removed source14 remove-origin-from-rpaths (11690970)
- removed build requirement for chrpath
* Wed Oct 15 2014 Jiri Vanek - 1.7.0.71-2.5.3.0
- updated to security icedtea-forest 2.5.3
* Thu Sep 11 2014 Jiri Vanek - 1.7.0.65-2.5.2.5
- fixed headless to become headless again
- jre/lib/archinstall/libjavagtk.so
- jre/bin/policytool
- jre-abrt/lib/archinstall/libjavagtk.so
- all three added to not headless exclude list
* Tue Sep 2 2014 Jiri Vanek - 1.7.0.65-2.5.2
- updated to icedtea7-forest 2.5.2
- removed patch404 gtk3ToBeReverted.patch
- removed patch405 pr1864_smartcardIO.patch
* Tue Jul 22 2014 Jiri Vanek - 1.7.0.65-2.5.1.4
- excluded libmawt.so from autorequires/autoprovides
- see https://bugzilla.redhat.com/show_bug.cgi?id=1111349
* Thu Jul 17 2014 Rex Dieter - 1.7.0.65-2.5.1.3
- rebuild (for pulseaudio, bug #1117683)
* Mon Jul 14 2014 Jiri Vanek - 1.7.0.65-2.5.1.2
- added and applied fix for smartcard io patch405, pr1864_smartcardIO.patch
* Mon Jul 7 2014 Jiri Vanek - 1.7.0.65-2.5.1.1
- updated to security patched icedtea7-forest-2.5.1
* Wed Jul 2 2014 Jiri Vanek - 1.7.0.60-2.5.0.3
- Added aarch64 support
* Tue Jul 1 2014 Andrew Hughes - 1.7.0.60-2.5.0.2
- Add nss-softokn dependency for SunEC provider
- Add support for ppc64le
- Enable SunEC provider with system NSS support.
- Ensure java-1.7.0-openjdk is used to build, not 8
- Set INSTALL_LOCATION so it can be used in the rpath.
* Thu Jun 19 2014 Jiri Vanek - 1.7.0.60-2.5.0.1.f20
- added and applied as reverted patch404 gtk3ToBeReverted.patch
- reverting controversial fix of
* Wed Jun 18 2014 Jiri Vanek - 1.7.0.60-2.5.0.f20
- updated to icedtea7-forest 2.5.0
- removed icedtea_version_presuffix
- removed hardcoded 60
- removed upstreamed patch412 add-final-location-rpaths.patch
- removed upstreamed patch413 rh1064383-prelink_fix.patch
* Thu May 22 2014 Andrew Hughes

Oracle Linux Security Advisory ELSA-2012-1434

https://access.redhat.com/errata/RHSA-2012:1434.html

The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network:

i386:
icedtea-web-1.2.2-1.el6_3.i686.rpm
icedtea-web-javadoc-1.2.2-1.el6_3.i686.rpm

x86_64:
icedtea-web-1.2.2-1.el6_3.x86_64.rpm
icedtea-web-javadoc-1.2.2-1.el6_3.x86_64.rpm

SRPMS:
https://oss.oracle.com:443/ol6/SRPMS-updates/icedtea-web-1.2.2-1.el6_3.src.rpm

Description of changes:

[1.2.2-1]
- Updated to 1.2.2
- Resolves: CVE-2012-4540

Oracle Linux Security Notice ELSA-2012-1435 provides critical patches for openjdk, resolving vulnerabilities.

Severity: Critical

LinuxSecurity.com Team

   openSUSE Security Update: java-1_7_0-openjdk: Update to icedtea-2.3.3
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:1419-1
Rating:             important
References:         #785814
Cross-References:   CVE-2012-3216 CVE-2012-4416 CVE-2012-5068
                    CVE-2012-5069 CVE-2012-5070 CVE-2012-5071
                    CVE-2012-5073 CVE-2012-5074 CVE-2012-5075
                    CVE-2012-5076 CVE-2012-5077 CVE-2012-5084
                    CVE-2012-5085 CVE-2012-5086 CVE-2012-5087
                    CVE-2012-5088 CVE-2012-5089
Affected Products:
                    openSUSE 12.2
______________________________________________________________________________

   An update that fixes 17 vulnerabilities is now available.

Description:

   java-1_7_0-openjdk was updated to icedtea-2.3.3 (bnc#785814)

   * Security fixes
   - S6631398, CVE-2012-3216: FilePermission improved path checking
   - S7093490: adjust package access in rmiregistry
   - S7143535, CVE-2012-5068: ScriptEngine corrected permissions
   - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp
   - S7158807: Revise stack management with volatile call sites
   - S7163198, CVE-2012-5076: Tightened package accessibility
   - S7167656, CVE-2012-5077: Multiple Seeders are being created
   - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types
   - S7169887, CVE-2012-5074: Tightened package accessibility
   - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector
   - S7172522, CVE-2012-5072: Improve DomainCombiner checking
   - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
   - S7189103, CVE-2012-5069: Executors needs to maintain state
   - S7189490: More improvements to DomainCombiner checking
   - S7189567, CVE-2012-5085: java net obsolete protocol
   - S7192975, CVE-2012-5071: Issue with JMX reflection
   - S7195194, CVE-2012-5084: Better data validation for Swing
   - S7195549, CVE-2012-5087: Better bean object persistence
   - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved
   - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance
   - S7196190, CVE-2012-5088: Improve method of handling MethodHandles
   - S7198296, CVE-2012-5089: Refactor classloader usage
   - S7158800: Improve storage of symbol tables
   - S7158801: Improve VM CompileOnly option
   - S7158804: Improve config file parsing
   - S7198606, CVE-2012-4416: Improve VM optimization

   * Bug fixes
   - Remove merge artefact.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2012-749

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.2 (i586 x86_64):

      java-1_7_0-openjdk-1.7.0.6-3.16.1
      java-1_7_0-openjdk-debuginfo-1.7.0.6-3.16.1
      java-1_7_0-openjdk-debugsource-1.7.0.6-3.16.1
      java-1_7_0-openjdk-demo-1.7.0.6-3.16.1
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-3.16.1
      java-1_7_0-openjdk-devel-1.7.0.6-3.16.1
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-3.16.1
      java-1_7_0-openjdk-javadoc-1.7.0.6-3.16.1
      java-1_7_0-openjdk-src-1.7.0.6-3.16.1

References:

   https://www.suse.com/security/cve/CVE-2012-3216.html
   https://www.suse.com/security/cve/CVE-2012-4416.html
   https://www.suse.com/security/cve/CVE-2012-5068.html
   https://www.suse.com/security/cve/CVE-2012-5069.html
   https://www.suse.com/security/cve/CVE-2012-5070.html
   https://www.suse.com/security/cve/CVE-2012-5071.html
   https://www.suse.com/security/cve/CVE-2012-5073.html
   https://www.suse.com/security/cve/CVE-2012-5074.html
   https://www.suse.com/security/cve/CVE-2012-5075.html
   https://www.suse.com/security/cve/CVE-2012-5076.html
   https://www.suse.com/security/cve/CVE-2012-5077.html
   https://www.suse.com/security/cve/CVE-2012-5084.html
   https://www.suse.com/security/cve/CVE-2012-5085.html
   https://www.suse.com/security/cve/CVE-2012-5086.html
   https://www.suse.com/security/cve/CVE-2012-5087.html
   https://www.suse.com/security/cve/CVE-2012-5088.html
   https://www.suse.com/security/cve/CVE-2012-5089.html

Resolutions for 17 concerns in openSUSE java-1_7_0-openjdk using icedtea-2.3.3. Upgrade can be accessed through YaST or zypper.

Severity: Important

LinuxSecurity.com Team