LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

February 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS February 2013

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Posted for testing: security packages for Java (SL5.0 - 5.8)
From:	Pat Riehecky <[log in to unmask]>
Reply To:	Pat Riehecky <[log in to unmask]>
Date:	Tue, 5 Feb 2013 11:12:01 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (75 lines)

Unfortunately, I do not know.

Pat

On 02/05/2013 11:13 AM, Robert Blair wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Are the open source versions subject to similar issues?  I see the
> openjdk.org site has recent security updates but there don't seem to be
> corresponding updates to TUV rpm's.
>
> Thanks,
> Bob Blair
>
>
> On 02/05/2013 11:07 AM, Pat Riehecky wrote:
>> Security packages for Java posted for testing at
>>
>> ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/i386/
>> ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/x86_64/
>>
>> Next week these packages will be officially released.  This delay is to
>> allow you time to test and verify your production applications will run
>> as expected once this security update is applied.
>>
>> If you do not want this security update please consult your site's
>> local security policy to determine how you should proceed.  Scientific
>> Linux will automatically feature this update next week.
>>
>> As a reminder, the closed source Java6 packages are not present in
>> Scientific Linux 5.9.  Public updates to the closed source package
>> are being discontinued by upstream.  Scientific Linux 6 has never
>> included the closed source Java packages.
>>
>> http://www.oracle.com/technetwork/java/eol-135779.html
>>
>>
>> The update advisory is posted below:
>>
>> Synopsis: Critical: jdk-1.6.0 security update
>> Issue Date: 2013-02-01
>> CVE Numbers:  CVE-2012-1541 CVE-2012-3213 CVE-2012-3342
>>                CVE-2013-0351 CVE-2013-0409 CVE-2013-0419
>>                CVE-2013-0423 CVE-2013-0424 CVE-2013-0425
>>                CVE-2013-0426 CVE-2013-0427 CVE-2013-0428
>>                CVE-2013-0429 CVE-2013-0430 CVE-2013-0432
>>                CVE-2013-0433 CVE-2013-0434 CVE-2013-0435
>>                CVE-2013-0438 CVE-2013-0440 CVE-2013-0441
>>                CVE-2013-0442 CVE-2013-0443 CVE-2013-0445
>>                CVE-2013-0446 CVE-2013-0450 CVE-2013-1473
>>                CVE-2013-1475 CVE-2013-1476 CVE-2013-1478
>>                CVE-2013-1480 CVE-2013-1481
>>
>> This update fixes several vulnerabilities in the Oracle Java Runtime
>> Environment and the Oracle Java Software Development Kit. Further
>> information about these flaws can be found on the Oracle Java SE
>> Critical Patch Update Advisory page
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
>
> iQEcBAEBAgAGBQJRET2mAAoJEPQM1KNWz8QashMIAK6s9yqG/tSzvcIAUj21SVQp
> BWLW3Bqtc503H6W6uXz+BBgr2b/ov3UOxWnSkCAUcHoKUKG+r4Z8K+PA2m5dl9z+
> ghD88CR5+qxPPoskYkm04mBNSCc9NHastz5AzfDPpzRLUT5TCC3PvCB9Ha8za9In
> Jb6csORr7yZEhMKstTDld3m0S9GKkFksyyMIzDnn6EpDrVyQlYjZmylE2r4Nouen
> g9AWOoj82rPUHvh9LTBi/LSm1PUxgVHnOJ5a/rh/GdqXFu6iXD0XkkFgyxPTaRnO
> hjetVaWGlpqaciZKI18W3uPVLTTGeNWo+0dAMwLG3lnrCAKdyW3j4fKLuoRzbXU=
> =Hd71
> -----END PGP SIGNATURE-----


-- 
Pat Riehecky
Scientific Linux Developer

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV