Security packages for Java posted for testing at ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/i386/ ftp://ftp.scientificlinux.org/linux/scientific/5rolling/testing/x86_64/ Next week these packages will be officially released. This delay is to allow you time to test and verify your production applications will run as expected once this security update is applied. If you do not want this security update please consult your site's local security policy to determine how you should proceed. Scientific Linux will automatically feature this update next week. As a reminder, the openjdk Java environment is available in Scientific Linux 5. Updates for openjdk are released in a similar manner to other security updates. Additionally, Scientific Linux 6 does not bundle the closed source Java environment. So if you are planning to move to Scientific Linux 6 in the future, you may wish to begin the java migration to openjdk at this time. The update advisory is posted below: Synopsis: Critical: java-1.6.0-sun security update Issue Date: 2012-10-18 CVE Numbers: CVE-2012-0547 CVE-2012-4416 CVE-2012-3216 CVE-2012-5068 CVE-2012-5077 CVE-2012-5073 CVE-2012-5075 CVE-2012-5072 CVE-2012-5081 CVE-2012-5086 CVE-2012-5084 CVE-2012-5089 CVE-2012-5071 CVE-2012-5069 CVE-2012-5085 CVE-2012-5079 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-3143 CVE-2012-3159 CVE-2012-5083 -- Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory and Oracle Security Alert pages. (CVE-2012-0547, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5089) All running instances of Oracle/Sun Java must be restarted for the update to take effect. -- SL5 x86_64 java-1.6.0-sun-compat-1.6.0.37-3.sl5.jpp.i586.rpm java-1.6.0-sun-compat-1.6.0.37-3.sl5.jpp.x86_64.rpm jdk-1.6.0_37-fcs.i586.rpm jdk-1.6.0_37-fcs.x86_64.rpm i386 java-1.6.0-sun-compat-1.6.0.37-3.sl5.jpp.i586.rpm jdk-1.6.0_37-fcs.i586.rpm