Subject: | |
From: | |
Reply To: | |
Date: | Tue, 5 Feb 2013 11:12:01 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Unfortunately, I do not know.
Pat
On 02/05/2013 11:13 AM, Robert Blair wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Are the open source versions subject to similar issues? I see the
> openjdk.org site has recent security updates but there don't seem to be
> corresponding updates to TUV rpm's.
>
> Thanks,
> Bob Blair
>
>
> On 02/05/2013 11:07 AM, Pat Riehecky wrote:
>> Security packages for Java posted for testing at
>>
>> ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/i386/
>> ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/x86_64/
>>
>> Next week these packages will be officially released. This delay is to
>> allow you time to test and verify your production applications will run
>> as expected once this security update is applied.
>>
>> If you do not want this security update please consult your site's
>> local security policy to determine how you should proceed. Scientific
>> Linux will automatically feature this update next week.
>>
>> As a reminder, the closed source Java6 packages are not present in
>> Scientific Linux 5.9. Public updates to the closed source package
>> are being discontinued by upstream. Scientific Linux 6 has never
>> included the closed source Java packages.
>>
>> http://www.oracle.com/technetwork/java/eol-135779.html
>>
>>
>> The update advisory is posted below:
>>
>> Synopsis: Critical: jdk-1.6.0 security update
>> Issue Date: 2013-02-01
>> CVE Numbers: CVE-2012-1541 CVE-2012-3213 CVE-2012-3342
>> CVE-2013-0351 CVE-2013-0409 CVE-2013-0419
>> CVE-2013-0423 CVE-2013-0424 CVE-2013-0425
>> CVE-2013-0426 CVE-2013-0427 CVE-2013-0428
>> CVE-2013-0429 CVE-2013-0430 CVE-2013-0432
>> CVE-2013-0433 CVE-2013-0434 CVE-2013-0435
>> CVE-2013-0438 CVE-2013-0440 CVE-2013-0441
>> CVE-2013-0442 CVE-2013-0443 CVE-2013-0445
>> CVE-2013-0446 CVE-2013-0450 CVE-2013-1473
>> CVE-2013-1475 CVE-2013-1476 CVE-2013-1478
>> CVE-2013-1480 CVE-2013-1481
>>
>> This update fixes several vulnerabilities in the Oracle Java Runtime
>> Environment and the Oracle Java Software Development Kit. Further
>> information about these flaws can be found on the Oracle Java SE
>> Critical Patch Update Advisory page
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
>
> iQEcBAEBAgAGBQJRET2mAAoJEPQM1KNWz8QashMIAK6s9yqG/tSzvcIAUj21SVQp
> BWLW3Bqtc503H6W6uXz+BBgr2b/ov3UOxWnSkCAUcHoKUKG+r4Z8K+PA2m5dl9z+
> ghD88CR5+qxPPoskYkm04mBNSCc9NHastz5AzfDPpzRLUT5TCC3PvCB9Ha8za9In
> Jb6csORr7yZEhMKstTDld3m0S9GKkFksyyMIzDnn6EpDrVyQlYjZmylE2r4Nouen
> g9AWOoj82rPUHvh9LTBi/LSm1PUxgVHnOJ5a/rh/GdqXFu6iXD0XkkFgyxPTaRnO
> hjetVaWGlpqaciZKI18W3uPVLTTGeNWo+0dAMwLG3lnrCAKdyW3j4fKLuoRzbXU=
> =Hd71
> -----END PGP SIGNATURE-----
--
Pat Riehecky
Scientific Linux Developer
|
|
|