SCIENTIFIC-LINUX-USERS Archives

November 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From:
Dr Andrew C Aitchison <[log in to unmask]>
Reply To:
Dr Andrew C Aitchison <[log in to unmask]>
Date:
Thu, 21 Nov 2013 09:17:34 +0000
On Wed, 20 Nov 2013, Mark Stodola wrote:

> On 11/20/2013 04:27 PM, ToddAndMargo wrote:
>> On 11/20/2013 01:50 PM, Chris Schanzle wrote:
>>> On 11/20/2013 04:34 PM, ToddAndMargo wrote:
>>>> Hi All,
>>>> 
>>>> Just got a security advisory on java-1.6.0-openjdk (MDVSA-2013:266)
>>>> and java-1.7.0-openjdk (MDVSA-2013:267).
>>>> 
>>>> Went to try to upgrade it and can't figure out how.
>>>> 
>>>> # rpm -qa \*openjdk\*
>>>> java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.x86_64
>>>> 
>>>> How do you do a yum when the name has a moving target
>>>> (number) in the middle of the name?

The number in the middle of the name is either 1.6.0 (Java 6)
or 1.7.0 (Java 7). As long as you remember that there are two
they aren't really moving targets.


>>>> I did a "yum whatprovides" to see if they had another
>>>> name for it and that has numbers in it too.
>>>> 
>>>> Many thanks,
>>>> -T
>>> 
>>> $ rpm -qa --queryformat="%{name}\t%{version}\t%{release}\n" '*openjdk*'
>>> java-1.6.0-openjdk-devel 1.6.0.0 1.65.1.11.14.el6_4
>>> java-1.6.0-openjdk-javadoc 1.6.0.0 1.65.1.11.14.el6_4
>>> java-1.7.0-openjdk 1.7.0.45 2.4.3.2.el6_4
>>> java-1.6.0-openjdk 1.6.0.0 1.65.1.11.14.el6_4
>>> 
>>> 
>>> Would this work for you?
>>> yum update java\*
>> 
>> Hi Chris,
>> 
>> Never thought of escaping the asterisk.
>> 
>> Apparently, we are still waiting on the fix action
>> to java.
>> 
>> Thank you!
>> -T
>> 
>> # yum --enablerepo=* upgrade java\*
>> Loaded plugins: priorities, refresh-packagekit, security
>> 38 packages excluded due to repository priority protections
>> Setting up Upgrade Process
>> No Packages marked for Update
>
> The security advisories you reference are for Mandriva.  Don't expect updated 
> packages until TUV gets around to handling the underlying CVEs.  It also 
> takes a small amount of time between TUV and Pat/Connie getting them built 
> for SL.

Comparing 
http://www.mandriva.com/fr/support/security/advisories/advisory/MDVSA-2013:267/
and
   https://rhn.redhat.com/errata/RHSA-2013-1451.html
TUV and SL appear to have fixed these vulnerabilities in
java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4 and friends
(I haven't checked java-1.6.0... or SL5 but wouldn't be
surprised if they are fixed too).

-- 
Dr. Andrew C. Aitchison		Computer Officer, DPMMS, Cambridge
[log in to unmask]	http://www.dpmms.cam.ac.uk/~werdna
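
The cross-check described in the message above (does the installed package already cover the CVEs named in another vendor's advisory such as MDVSA-2013:267?) can be scripted against the package changelog. This is an added example, not part of the original thread: the function name `missing_cves`, the CVE IDs (placeholders) and the changelog text (constructed) are all assumptions.

```shell
# Added example (not from the thread). CVE IDs are placeholders; the
# changelog text is constructed, not real java-1.7.0-openjdk output.

# missing_cves CHANGELOG CVE...
# Prints every CVE ID that the changelog text does not mention and
# returns 1 if any are missing. "Not mentioned" is not proof of
# "unfixed": packagers do not always list CVE IDs in the changelog.
missing_cves() {
    mc_changelog=$1
    shift
    mc_status=0
    for mc_cve in "$@"; do
        # -F: literal match; -w: whole word, so ...-0003 does not match ...-00030
        if ! printf '%s\n' "$mc_changelog" | grep -qwF -e "$mc_cve"; then
            printf '%s\n' "$mc_cve"
            mc_status=1
        fi
    done
    return "$mc_status"
}

# Constructed sample in the shape of `rpm -q --changelog` output.
SAMPLE_CHANGELOG='* Wed Jan 01 2020 Example Packager <packager@example.invalid> - 1.0-2
- Security update
- Resolves: CVE-0000-0001 CVE-0000-0002
- Related: CVE-0000-00030'

# CVE list as it would be copied from the other vendor's advisory.
if missing_cves "$SAMPLE_CHANGELOG" CVE-0000-0001 CVE-0000-0003; then
    echo "all listed CVEs are mentioned in the changelog"
else
    echo "the CVEs printed above are not mentioned; check the vendor erratum"
fi

# On a real host, feed it the installed package's changelog:
#   missing_cves "$(rpm -q --changelog java-1.7.0-openjdk)" CVE-...
```

For any ID it reports as missing, the vendor erratum (here RHSA-2013-1451) remains the authoritative list of what a given package build fixes.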
