LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

February 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS February 2013

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Posted for testing: security packages for Java (SL5.0 - 5.8)
From:	Robert Blair <[log in to unmask]>
Reply To:	Robert Blair <[log in to unmask]>
Date:	Tue, 5 Feb 2013 11:13:10 -0600
Content-Type:	multipart/mixed
Parts/Attachments:	text/plain (2622 bytes) , reb.vcf (333 bytes)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Are the open source versions subject to similar issues?  I see the
openjdk.org site has recent security updates but there don't seem to be
corresponding updates to TUV rpm's.

Thanks,
Bob Blair


On 02/05/2013 11:07 AM, Pat Riehecky wrote:
> Security packages for Java posted for testing at
> 
> ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/i386/
> ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/x86_64/
> 
> Next week these packages will be officially released.  This delay is to
> allow you time to test and verify your production applications will run
> as expected once this security update is applied.
> 
> If you do not want this security update please consult your site's
> local security policy to determine how you should proceed.  Scientific
> Linux will automatically feature this update next week.
> 
> As a reminder, the closed source Java6 packages are not present in
> Scientific Linux 5.9.  Public updates to the closed source package
> are being discontinued by upstream.  Scientific Linux 6 has never
> included the closed source Java packages.
> 
> http://www.oracle.com/technetwork/java/eol-135779.html
> 
> 
> The update advisory is posted below:
> 
> Synopsis: Critical: jdk-1.6.0 security update
> Issue Date: 2013-02-01
> CVE Numbers:  CVE-2012-1541 CVE-2012-3213 CVE-2012-3342
>               CVE-2013-0351 CVE-2013-0409 CVE-2013-0419
>               CVE-2013-0423 CVE-2013-0424 CVE-2013-0425
>               CVE-2013-0426 CVE-2013-0427 CVE-2013-0428
>               CVE-2013-0429 CVE-2013-0430 CVE-2013-0432
>               CVE-2013-0433 CVE-2013-0434 CVE-2013-0435
>               CVE-2013-0438 CVE-2013-0440 CVE-2013-0441
>               CVE-2013-0442 CVE-2013-0443 CVE-2013-0445
>               CVE-2013-0446 CVE-2013-0450 CVE-2013-1473
>               CVE-2013-1475 CVE-2013-1476 CVE-2013-1478
>               CVE-2013-1480 CVE-2013-1481
> 
> This update fixes several vulnerabilities in the Oracle Java Runtime
> Environment and the Oracle Java Software Development Kit. Further
> information about these flaws can be found on the Oracle Java SE
> Critical Patch Update Advisory page
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iQEcBAEBAgAGBQJRET2mAAoJEPQM1KNWz8QashMIAK6s9yqG/tSzvcIAUj21SVQp
BWLW3Bqtc503H6W6uXz+BBgr2b/ov3UOxWnSkCAUcHoKUKG+r4Z8K+PA2m5dl9z+
ghD88CR5+qxPPoskYkm04mBNSCc9NHastz5AzfDPpzRLUT5TCC3PvCB9Ha8za9In
Jb6csORr7yZEhMKstTDld3m0S9GKkFksyyMIzDnn6EpDrVyQlYjZmylE2r4Nouen
g9AWOoj82rPUHvh9LTBi/LSm1PUxgVHnOJ5a/rh/GdqXFu6iXD0XkkFgyxPTaRnO
hjetVaWGlpqaciZKI18W3uPVLTTGeNWo+0dAMwLG3lnrCAKdyW3j4fKLuoRzbXU=
=Hd71
-----END PGP SIGNATURE-----

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV