Re: Security advisory on java, how to update?

Thu, 21 Nov 2013 01:19:33 -0800 

On Wed, 20 Nov 2013, Mark Stodola wrote:


On 11/20/2013 04:27 PM, ToddAndMargo wrote:

On 11/20/2013 01:50 PM, Chris Schanzle wrote:

On 11/20/2013 04:34 PM, ToddAndMargo wrote:

Hi All,

Just got a security advisory on java-1.6.0-openjdk (MDVSA-2013:266)
and java-1.7.0-openjdk (MDVSA-2013:267).

Went to try to upgrade it and can't figure out how.

# rpm -qa \*openjdk\*
java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.x86_64

How do you do a yum when the name has a moving target
(number) in the middle of the name?


The number in the middle of the name is either 1.6.0 (Java 6)
or 1.7.0 (Java 7). As long as you remember that there are two
they aren't really moving targets.



I did a "yum whatprovides" to see if they had another
name for it and that has numbers in it too.

Many thanks,
-T


$ rpm -qa --queryformat="%{name}\t%{version}\t%{release}\n" '*openjdk*'
java-1.6.0-openjdk-devel 1.6.0.0 1.65.1.11.14.el6_4
java-1.6.0-openjdk-javadoc 1.6.0.0 1.65.1.11.14.el6_4
java-1.7.0-openjdk 1.7.0.45 2.4.3.2.el6_4
java-1.6.0-openjdk 1.6.0.0 1.65.1.11.14.el6_4


Would this work for you?
yum update java\*


Hi Chris,

Never thought of escaping the asterisk.

Apparently, we are still waiting on the fix action
to java.

Thank you!
-T

# yum --enablerepo=* upgrade java\*
Loaded plugins: priorities, refresh-packagekit, security
38 packages excluded due to repository priority protections
Setting up Upgrade Process
No Packages marked for Update
The security advisories you reference are for Mandriva. Don't expect updated packages until TUV gets around to handling the underlying CVEs. It also takes a small amount of time between TUV and Pat/Connie getting them built for SL.
Comparing http://www.mandriva.com/fr/support/security/advisories/advisory/MDVSA-2013:267/ 
and
  https://rhn.redhat.com/errata/RHSA-2013-1451.html
TUV and SL appear to have fixed these vunerabiliites in
java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4 and friends
(I haven't checked java-1.6.0... or SL5 but wouldn't be
surprised if they are fixed too).

--
Dr. Andrew C. Aitchison         Computer Officer, DPMMS, Cambridge
[email protected]   http://www.dpmms.cam.ac.uk/~werdna

Reply via email to