It’s Java security update time again, folks. The IcedTea team just released version 2.4.1 of their “build harness” (which builds the OpenJDK source code using Free Software tools and allows for other features such as support for alternative virtual machines and ARM support).
The new IcedTea will build OpenJDK 7 Update 40 Build 31 – or 7u40_b31 in short.
This includes the latest security updates. IcedTea 2.4.x continues to track the upcoming Java 7u40 release “upstream”. For the official announcement check out GNU/Andrew’s blog post.
The security fixes are all listed on that blog page but I will repeat them here verbatim.
- S6741606, CVE-2013-2407: Integrate Apache Santuario
- S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
- S7170730, CVE-2013-2451: Improve Windows network stack support.
- S8000638, CVE-2013-2450: Improve deserialization
- S8000642, CVE-2013-2446: Better handling of objects for transportation
- S8001032: Restrict object access
- S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
- S8001034, CVE-2013-1500: Memory management improvements
- S8001038, CVE-2013-2444: Resourcefully handle resources
- S8001043: Clarify definition restrictions
- S8001308: Update display of applet windows
- S8001309: Better handling of annotation interfaces
- S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
- S8001330, CVE-2013-2443: Improve on checking order (non-Zero builds only)
- S8003703, CVE-2013-2412: Update RMI connection dialog box
- S8004288, CVE-2013-2449: (fs) Files.probeContentType problems
- S8004584: Augment applet contextualization
- S8005007: Better glyph processing
- S8006328, CVE-2013-2448: Improve robustness of sound classes
- S8006611: Improve scripting
- S8007467: Improve robustness of JMX internal APIs
- S8007471: Improve MBean notifications
- S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
- S8007925: Improve cmsStageAllocLabV2ToV4curves
- S8007926: Improve cmsPipelineDup
- S8007927: Improve cmsAllocProfileSequenceDescription
- S8007929: Improve CurvesAlloc
- S8008120, CVE-2013-2457: Improve JMX class checking
- S8008124, CVE-2013-2453: Better compliance testing
- S8008128: Better API coherence for JMX
- S8008132, CVE-2013-2456: Better serialization support
- S8008585: Better JMX data handling
- S8008593: Better URLClassLoader resource management
- S8008603: Improve provision of JMX providers
- S8008607: Better input checking in JMX
- S8008611: Better handling of annotations in JMX
- S8008615: Improve robustness of JMX internal APIs
- S8008623: Better handling of MBeanServers
- S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
- S8008982: Adjust JMX for underlying interface changes
- S8009004: Better implementation of RMI connections
- S8009008: Better manage management-api
- S8009013: Better handling of T2K glyphs
- S8009034: Improve resulting notifications in JMX
- S8009038: Improve JMX notification support
- S8009057, CVE-2013-2448: Improve MIDI event handling
- S8009067: Improve storing keys in KeyStore
- S8009071, CVE-2013-2459: Improve shape handling
- S8009235: Improve handling of TSA data
- S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change
- S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields
- S8009654: Improve stability of cmsnamed
- S8010209, CVE-2013-2460: Better provision of factories
- S8011243, CVE-2013-2470: Improve ImagingLib
- S8011248, CVE-2013-2471: Better Component Rasters
- S8011253, CVE-2013-2472: Better Short Component Rasters
- S8011257, CVE-2013-2473: Better Byte Component Rasters
- S8012375, CVE-2013-1571: Improve Javadoc framing
- S8012421: Better positioning of PairPositioning
- S8012438, CVE-2013-2463: Better image validation
- S8012597, CVE-2013-2465: Better image channel verification
- S8012601, CVE-2013-2469: Better validation of image layouts
- S8014281, CVE-2013-2461: Better checking of XML signature
- S8015997: Additional improvement in Javadoc framing
The list of OpenJDK enhancements and fixes, on the other hand, is so long that I will not even attempt to duplicate it. 😉
OpenJDK 7u40_b31 for Slackware:
My packages for OpenJDK have been compiled on Slackware 13.37 (and are usable on 13.37 as well as 14.0 and -current!). Get them preferably from a mirror site (faster downloads):
- http://alien.slackbook.org/slackbuilds/openjdk/, the primary location (bandwidth-capped)
- http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/, my own fast US mirror
- http://slackware.org.uk/people/alien/slackbuilds/openjdk/, fast UK mirror, needs a day to get in sync
Further packages that are recommended/required:
- Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
- Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.
Note that you should install only one of the two packages, either openjdk or openjre; do not install both at the same time or things will break! The openjdk package contains the JRE (Java runtime) as well as the Java development kit.
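If you want to verify those package rules before (or after) running installpkg, here is a small POSIX shell check I added for this post; it is not one of Eric's scripts. It scans a Slackware package database directory (normally /var/log/packages) and reports an openjdk/openjre conflict, a missing rhino dependency, and whether icedtea-web is present. The version, architecture and build tags in the sample file names are constructed.

```shell
#!/bin/sh
# Added pre-install sanity check (not part of the original post).
# Slackware package entries are named NAME-VERSION-ARCH-BUILD; strip the
# last three dash-separated fields to recover NAME.
pkg_name() {
    echo "$1" | sed 's/-[^-]*-[^-]*-[^-]*$//'
}

# Returns 0 if exactly one of openjdk/openjre is installed together with
# rhino, 1 otherwise. Prints one diagnostic per violated rule.
java_pkg_check() {
    dir=$1
    jdk=0 jre=0 rhino=0 web=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        case $(pkg_name "$(basename "$f")") in
            openjdk) jdk=1 ;;
            openjre) jre=1 ;;
            rhino) rhino=1 ;;
            icedtea-web) web=1 ;;
        esac
    done
    status=0
    if [ $jdk -eq 1 ] && [ $jre -eq 1 ]; then
        echo "CONFLICT: both openjdk and openjre are installed; remove one"
        status=1
    elif [ $jdk -eq 0 ] && [ $jre -eq 0 ]; then
        echo "MISSING: neither openjdk nor openjre is installed"
        status=1
    fi
    if [ $rhino -eq 0 ]; then
        echo "MISSING: rhino is required (JavaScript engine for OpenJDK)"
        status=1
    fi
    [ $web -eq 1 ] || echo "NOTE: icedtea-web not installed (only needed for the browser plugin)"
    return $status
}

# Constructed sample database for a stand-alone run: both runtime packages
# present alongside rhino, which the check must flag as a conflict.
demo=$(mktemp -d)
touch "$demo/openjdk-7u40_b31-x86_64-1alien" \
      "$demo/openjre-7u40_b31-x86_64-1alien" \
      "$demo/rhino-1.7r4-x86_64-1alien"
if java_pkg_check "$demo"; then echo "package set OK"; else echo "problems found"; fi
rm -rf "$demo"
```

Run it against the real database with `java_pkg_check /var/log/packages` (as any user; the directory is world-readable).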
Eric