-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:150 http://www.mandriva.com/security/ _______________________________________________________________________ Package : java-1.6.0-openjdk Date : September 10, 2012 Affected: Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple security issues were identified and fixed in OpenJDK (icedtea6): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited. NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities (CVE-2012-0547). Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136 (CVE-2012-1682). The updated packages provides icedtea6-1.11.4 which is not vulnerable to these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1682 http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 286dbb39a335671d71463907eb367c30 mes5/i586/java-1.6.0-openjdk-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm e5f5fc7abaf8c9cfd7bb6497c0bdce82 mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm 088aa2775b4e66dede9492d4cd51f8ec mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm b628e97ddf02083759cc434019eafc99 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm 05fbc9d227be560f44c4c7dab844f5d9 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm 99a8a99f80ae162704ad4bdb5cee3f03 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-34.b24.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 35672929025893cc919f96f6a3f5a64d mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm aba364efac24a36a18701730a431316f mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm 2ab69f1c6eb159fae58ef41b0c6db727 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm 4c9dd84ed0e30d56032bf43aca6625bd mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm 96172e0de881538984e6e1086d383030 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm 99a8a99f80ae162704ad4bdb5cee3f03 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-34.b24.1mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFQTc2ymqjQ0CJFipgRAtdPAJ4okhZyCQ9BTpmAn4JPjXoPrVw9pACg4YXC RMZdy7VbZqL5+9SfkTIRYzg= =xDgA -----END PGP SIGNATURE-----
