IcedTea7 2.3.8 is out, though it hasn't been released yet. It likely fixes the same two CVEs that were just fixed in IcedTea6.
Updated packages uploaded for Mageia 2 and Cauldron. Advisory to come later.
Updated RPMs:
java-1.7.0-openjdk-1.7.0.6-2.3.8.1.mga2
java-1.7.0-openjdk-demo-1.7.0.6-2.3.8.1.mga2
java-1.7.0-openjdk-devel-1.7.0.6-2.3.8.1.mga2
java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.8.1.mga2
java-1.7.0-openjdk-src-1.7.0.6-2.3.8.1.mga2
java-1.7.0-openjdk-debug-1.7.0.6-2.3.8.1.mga2
from java-1.7.0-openjdk-1.7.0.6-2.3.8.1.mga2.src.rpm
Again!?
Finally, Red Hat has issued their advisory: https://rhn.redhat.com/errata/RHSA-2013-0602.html
This one still needs to be tested. Here's the advisory (same CVEs as 6).
Advisory:
========================
Updated java-1.7.0-openjdk packages fix security vulnerabilities:
An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges (CVE-2013-0809).
It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges (CVE-2013-1493).
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html
https://rhn.redhat.com/errata/RHSA-2013-0602.html
========================
Updated packages in core/updates_testing:
========================
java-1.7.0-openjdk-1.7.0.6-2.3.8.1.mga2
java-1.7.0-openjdk-demo-1.7.0.6-2.3.8.1.mga2
java-1.7.0-openjdk-devel-1.7.0.6-2.3.8.1.mga2
java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.8.1.mga2
java-1.7.0-openjdk-src-1.7.0.6-2.3.8.1.mga2
java-1.7.0-openjdk-debug-1.7.0.6-2.3.8.1.mga2
from java-1.7.0-openjdk-1.7.0.6-2.3.8.1.mga2.src.rpm
Severity: normal => critical
Testing complete mga2 32
# update-alternatives --config java
Select 1.7.0
$ javac HelloWorldApp.java
$ java HelloWorldApp
Hello World!
Whiteboard: (none) => has_procedure mga2-32-ok
Testing complete mga2 64 HelloWorld app and OddEven work as expected.
Keywords: (none) => validated_update
CC: (none) => wrw105
Whiteboard: has_procedure mga2-32-ok => has_procedure mga2-32-ok MGA2-64-OK
Validating. Advisory and package list in comment 2. Can someone from the sysadmin team please push from core/updates_testing to core/updates? Thanks!
Thanks Bill. Please remember to CC sysadmin-bugs when validating.
CC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0088
Status: NEW => RESOLVED
CC: (none) => dmorganec
Resolution: (none) => FIXED