Several CVEs, some of which reportedly are being actively exploited, are fixed in newer versions of IcedTea6/7 (2.0.1 and 2.1) than what we have in Cauldron (2.0). If the OpenJDK itself has any updates, they should be applied as well. Upstream announcements: http://blog.fuseyism.com/index.php/2012/02/15/security-icedtea6-1-8-13-1-9-13-1-10-6-and-icedtea-2-0-1-released/ http://blog.fuseyism.com/index.php/2012/02/15/icedtea-2-1-released-openjdk7-u3-release/ There's some info here too: https://bugzilla.redhat.com/show_bug.cgi?id=788994
CC: (none) => dmorganec
Blocks: (none) => 5046
Severity: normal => critical
Fixed in java-1.7.0-openjdk-1.7.0.3-2.1.1.mga2
Status: NEW => RESOLVEDResolution: (none) => FIXED
Blocks: 5046 => (none)