-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Are the open source versions subject to similar issues? I see the
openjdk.org site has recent security updates but there don't seem to be
corresponding updates to TUV rpm's.
Thanks,
Bob Blair
On 02/05/2013 11:07 AM, Pat Riehecky wrote:
> Security packages for Java posted for testing at
>
> ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/i386/
> ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/x86_64/
>
> Next week these packages will be officially released. This delay is to
> allow you time to test and verify your production applications will run
> as expected once this security update is applied.
>
> If you do not want this security update please consult your site's
> local security policy to determine how you should proceed. Scientific
> Linux will automatically feature this update next week.
>
> As a reminder, the closed source Java6 packages are not present in
> Scientific Linux 5.9. Public updates to the closed source package
> are being discontinued by upstream. Scientific Linux 6 has never
> included the closed source Java packages.
>
> http://www.oracle.com/technetwork/java/eol-135779.html
>
>
> The update advisory is posted below:
>
> Synopsis: Critical: jdk-1.6.0 security update
> Issue Date: 2013-02-01
> CVE Numbers: CVE-2012-1541 CVE-2012-3213 CVE-2012-3342
> CVE-2013-0351 CVE-2013-0409 CVE-2013-0419
> CVE-2013-0423 CVE-2013-0424 CVE-2013-0425
> CVE-2013-0426 CVE-2013-0427 CVE-2013-0428
> CVE-2013-0429 CVE-2013-0430 CVE-2013-0432
> CVE-2013-0433 CVE-2013-0434 CVE-2013-0435
> CVE-2013-0438 CVE-2013-0440 CVE-2013-0441
> CVE-2013-0442 CVE-2013-0443 CVE-2013-0445
> CVE-2013-0446 CVE-2013-0450 CVE-2013-1473
> CVE-2013-1475 CVE-2013-1476 CVE-2013-1478
> CVE-2013-1480 CVE-2013-1481
>
> This update fixes several vulnerabilities in the Oracle Java Runtime
> Environment and the Oracle Java Software Development Kit. Further
> information about these flaws can be found on the Oracle Java SE
> Critical Patch Update Advisory page
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iQEcBAEBAgAGBQJRET2mAAoJEPQM1KNWz8QashMIAK6s9yqG/tSzvcIAUj21SVQp
BWLW3Bqtc503H6W6uXz+BBgr2b/ov3UOxWnSkCAUcHoKUKG+r4Z8K+PA2m5dl9z+
ghD88CR5+qxPPoskYkm04mBNSCc9NHastz5AzfDPpzRLUT5TCC3PvCB9Ha8za9In
Jb6csORr7yZEhMKstTDld3m0S9GKkFksyyMIzDnn6EpDrVyQlYjZmylE2r4Nouen
g9AWOoj82rPUHvh9LTBi/LSm1PUxgVHnOJ5a/rh/GdqXFu6iXD0XkkFgyxPTaRnO
hjetVaWGlpqaciZKI18W3uPVLTTGeNWo+0dAMwLG3lnrCAKdyW3j4fKLuoRzbXU=
=Hd71
-----END PGP SIGNATURE-----