RedHat has issued an advisory today (February 20): https://rhn.redhat.com/errata/RHSA-2013-0273.html Reproducible: Steps to Reproduce:
Updated package uploaded for Mageia 2. Advisory: ======================== Updated java-1.6.0-openjdk packages fix security vulnerabilities: An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions (CVE-2013-1486). It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle (CVE-2013-0169). This updates IcedTea6 to version 1.11.8, which fixes these and other issues. References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1486 http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-1-11-8-1-12-3-for-openjdk-6-released/ https://rhn.redhat.com/errata/RHSA-2013-0273.html ======================== Updated packages in core/updates_testing: ======================== java-1.6.0-openjdk-1.6.0.0-38.b24.1.mga2 java-1.6.0-openjdk-devel-1.6.0.0-38.b24.1.mga2 java-1.6.0-openjdk-demo-1.6.0.0-38.b24.1.mga2 java-1.6.0-openjdk-src-1.6.0.0-38.b24.1.mga2 java-1.6.0-openjdk-javadoc-1.6.0.0-38.b24.1.mga2 from java-1.6.0-openjdk-1.6.0.0-38.b24.1.mga2.src.rpm
Assignee: bugsquad => qa-bugs
No PoC's
Tested with HelloWorld http://docs.oracle.com/javase/tutorial/getStarted/cupojava/unix.html tested with OddEven https://en.wikipedia.org/wiki/Java_%28programming_language%29#A_more_comprehensive_example All works as expected x86_64 MGA2
CC: (none) => wrw105Whiteboard: (none) => MGA2-64-OK
Testing complete mga2 32 Validating Advisory & srpm in comment 1 Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA2-64-OK => MGA2-64-OK mga2-32-ok
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0062
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED