LISTSERV - SCIENTIFIC-LINUX-DEVEL Archives

SCIENTIFIC-LINUX-DEVEL Archives

October 2012

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-DEVEL Home
	SCIENTIFIC-LINUX-DEVEL October 2012

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Posted for testing: security packages for Java (SL5)
From:	Pat Riehecky <[log in to unmask]>
Reply To:	Pat Riehecky <[log in to unmask]>
Date:	Tue, 23 Oct 2012 10:18:17 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (78 lines)

Security packages for Java posted for testing at

ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/i386/
ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/x86_64/

Next week these packages will be officially released.  This delay is to
allow you time to test and verify your production applications will run
as expected once this security update is applied.

If you do not want this security update please consult your site's
local security policy to determine how you should proceed.  Scientific
Linux will automatically feature this update next week.

As a reminder, the openjdk Java environment is available in Scientific
Linux 5.  Updates for openjdk are released in a similar manner to other
security updates.  Additionally, Scientific Linux 6 does not bundle the
closed source Java environment.  So if you are planning to move to
Scientific Linux 6 in the future, you may wish to begin the java
migration to openjdk at this time.




The update advisory is posted below:

Synopsis:          Critical: java-1.6.0-sun security update
Issue Date:        2012-10-18
CVE Numbers:       CVE-2012-0547
                    CVE-2012-4416
                    CVE-2012-3216
                    CVE-2012-5068
                    CVE-2012-5077
                    CVE-2012-5073
                    CVE-2012-5075
                    CVE-2012-5072
                    CVE-2012-5081
                    CVE-2012-5086
                    CVE-2012-5084
                    CVE-2012-5089
                    CVE-2012-5071
                    CVE-2012-5069
                    CVE-2012-5085
                    CVE-2012-5079
                    CVE-2012-1531
                    CVE-2012-1532
                    CVE-2012-1533
                    CVE-2012-3143
                    CVE-2012-3159
                    CVE-2012-5083
--

Oracle Java SE version 6 includes the Oracle Java Runtime Environment
and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory and Oracle Security Alert pages. (CVE-2012-0547,
CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159,
CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071,
CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079,
CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086,
CVE-2012-5089)

All running instances of Oracle/Sun Java must be restarted for the
update to take effect.
--

SL5
   x86_64
     java-1.6.0-sun-compat-1.6.0.37-3.sl5.jpp.i586.rpm
     java-1.6.0-sun-compat-1.6.0.37-3.sl5.jpp.x86_64.rpm
     jdk-1.6.0_37-fcs.i586.rpm
     jdk-1.6.0_37-fcs.x86_64.rpm
   i386
     java-1.6.0-sun-compat-1.6.0.37-3.sl5.jpp.i586.rpm
     jdk-1.6.0_37-fcs.i586.rpm

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV