Quite rapidly, new versions of the IcedTea “build harness” have been released, which create an updated OpenJDK 7u15. The 15th update to Java 7 addresses several vulnerabilities.
Read all about it in Andrew John Hughes’s blog article. GNU/Andrew is the release manager for IcedTea.
Here is the list (taken from that page) of the vulnerabilities which have been plugged and their CVE numbers:
- S8004937, CVE-2013-1484: Improve proxy construction
- S8006439, CVE-2013-1485: Improve MethodHandles coverage
- S8006446, CVE-2013-1486: Restrict MBeanServer access
- S8006777, CVE-2013-0169: Improve TLS handling of invalid messages
- S8007688: Blacklist known bad certificate
Packages for OpenJDK, compiled on Slackware 13.37 (and useable on 13.37 as well as 14.0 and -current!), can be found at the usual locations. Here are a few:
- http://alien.slackbook.org/slackbuilds/openjdk/ , the primary location (bandwidth-capped)
- http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/ , my own fast mirror
Further packages that are recommended/required:
- Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
- Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.
Eric
There’ll be another release today (2.1.7, 2.2.7 & 2.3.8) to correspond to the 7u17 security update.
Hey Andrew,
Thanks for the heads-up! I have my VMs ready for the package compilation.
Cheers, Eric