SCIENTIFIC-LINUX-USERS Archives

September 2012

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Pat Riehecky <[log in to unmask]>
Reply To: Pat Riehecky <[log in to unmask]>
Date: Wed, 5 Sep 2012 12:28:21 -0500
Content-Type: text/plain
Parts/Attachments: text/plain (46 lines)

Security packages for Java posted for testing at

ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/i386/
ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/x86_64/

Next week these packages will be officially released.  This delay is to
allow you time to test and verify your production applications will run
as expected once this security update is applied.

If you do not want this security update please consult your site's
local security policy to determine how you should proceed.  Scientific
Linux will automatically feature this update next week.

As a reminder, the openjdk Java environment is available in Scientific
Linux 5.  Updates for openjdk are released in a similar manner to other
security updates.  Additionally, Scientific Linux 6 does not bundle the
closed source Java environment.  So if you are planning to move to
Scientific Linux 6 in the future, you may wish to begin the Java
migration to openjdk at this time.




The update advisory is posted below:

Synopsis: Important: java-1.6.0-sun
Issue Date: 2012-09-04
CVE Numbers: CVE-2012-4681


These vulnerabilities may be remotely exploitable without 
authentication, i.e., they may be exploited over a network without the 
need for a username and password. To be successfully exploited, an 
unsuspecting user running an affected release in a browser will need to 
visit a malicious web page that leverages this vulnerability. Successful 
exploits can impact the availability, integrity, and confidentiality of 
the user's system.

In addition, this Security Alert includes a security-in-depth fix in the 
AWT subcomponent of the Java Runtime Environment.

Due to the severity of these vulnerabilities, the public disclosure of 
technical details and the reported exploitation of CVE-2012-4681 "in the 
wild," we strongly recommend that you apply the updates as soon as
possible.
