From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2012-April/014268.html | 100 ++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 zarb-ml/mageia-dev/2012-April/014268.html (limited to 'zarb-ml/mageia-dev/2012-April/014268.html') diff --git a/zarb-ml/mageia-dev/2012-April/014268.html b/zarb-ml/mageia-dev/2012-April/014268.html new file mode 100644 index 000000000..103105046 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-April/014268.html @@ -0,0 +1,100 @@ + + + + [Mageia-dev] Mageia 2 security updates: help needed with Java and Tomcat + + + + + + + + + +

[Mageia-dev] Mageia 2 security updates: help needed with Java and Tomcat

+ David Walser + luigiwalser at yahoo.com +
+ Sat Apr 14 20:41:42 CEST 2012 +

+
+ +
Can anyone help with these?  One of the tomcat6 packages is installed on almost every system as it's required by LibreOffice.
+
+David Walser wrote:
+> The only remaining known security issues with Mageia 2 packages concern Java and Tomcat, and some expertise is needed to help close these.
+> 
+> The vulnerable Java package is java-1.7.0-openjdk.  It is vulnerable to a large set of CVEs which have also affected java 1.6.0, and I 
+believe are the same ones behind the recent compromise of Mac OS X machines as well as the Windows version of Firefox automatically disabling 
+vulnerable Java plugins.  We have just issued an update for this in Mageia 1 today, and java-1.6.0-openjdk in Cauldron was fixed on Sunday.  
+Since our Java plugin uses 1.6.0 instead of 1.7.0, our exposure to these vulnerabilities is reduced, but they are still there.  At the very 
+least the "IcedTea" in the package needs updated to either 2.0.1 or 2.1.  The "OpenJDK" in the package may need to be updated as well.  D 
+Morgan has done a really nice job maintaining this package, but has been really busy lately, so if anyone else has the ability to assist with 
+it, it would be good.
+> Bugzilla reference:  https://bugs.mageia.org/show_bug.cgi?id=5300
+> 
+> Our tomcat5 and tomcat6 packages are unmaintained and have not been updated since before Mageia 1, and contain several vulnerabilities 
+(both in Mageia 1 and Cauldron) that have been fixed by other distros.  There are so many CVEs I can't say off the top of my head how many, 
+and I'm not even sure I found them all.  Hopefully just updating these packages to the newest versions would be enough to close them all.
+> Bugzilla references:
+> tomcat5 - https://bugs.mageia.org/show_bug.cgi?id=3099
+> tomcat6 - https://bugs.mageia.org/show_bug.cgi?id=5261
+> 
+> Finally, there are a number of security issues affecting Firefox in Mageia 1, and some help may be needed closing this one.  All but one of 
+the bugs blocking this update have recently been fixed.  There are apparently some issues with Eclipse that still need to be solved, as well 
+as a couple other packages that may still need to be rebuilt.  An update candidate for Firefox itself already exists in updates_testing.
+> Bugzilla reference:  https://bugs.mageia.org/show_bug.cgi?id=4405
+
+
+
+ + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1