ID

VAR-201206-0062

CVE

CVE-2012-1713

TITLE

Oracle Java SE of Java Runtime Environment (JRE) In 2D Processing vulnerability

DESCRIPTION

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (DoS) An attack may be carried out. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the BasicService.showDocument Java Webstart function. This function allows additional parameters to be passed to the browser. Depending on which browser the user has set as default browser this could lead to remote code execution under the context of the current user. This vulnerability affects the following supported versions: 7 Update 4, 6 Update 32, 5 Update 35, 1.4.2_37, JavaFX 2.1. (CVE-2012-1723, CVE-2012-1725) It was discovered that java.lang.invoke.MethodHandles.Lookup did not properly honor access modes. (CVE-2012-1717) This update also fixes the following bug: * Attempting to compile a SystemTap script using the jstack tapset could have failed with an error similar to the following: error: the frame size of 272 bytes is larger than 256 bytes This update corrects the jstack tapset and resolves this issue. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2012:0729-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0729.html Issue date: 2012-06-13 CVE Names: CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA (Common Object Request Broker Architecture) implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. (CVE-2012-1711, CVE-2012-1719) It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. (CVE-2012-1716) Multiple flaws were discovered in the font manager's layout lookup implementation. A specially-crafted font file could cause the Java Virtual Machine to crash or, possibly, execute arbitrary code with the privileges of the user running the virtual machine. (CVE-2012-1713) Multiple flaws were found in the way the Java HotSpot Virtual Machine verified the bytecode of the class file to be executed. A specially-crafted Java application or applet could use these flaws to crash the Java Virtual Machine, or bypass Java sandbox restrictions. (CVE-2012-1723, CVE-2012-1725) It was discovered that the Java XML parser did not properly handle certain XML documents. An attacker able to make a Java application parse a specially-crafted XML file could use this flaw to make the XML parser enter an infinite loop. (CVE-2012-1724) It was discovered that the Java security classes did not properly handle Certificate Revocation Lists (CRL). CRL containing entries with duplicate certificate serial numbers could have been ignored. (CVE-2012-1718) It was discovered that various classes of the Java Runtime library could create temporary files with insecure permissions. A local attacker could use this flaw to gain access to the content of such temporary files. (CVE-2012-1717) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea6 1.11.3. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 829354 - CVE-2012-1711 OpenJDK: improper protection of CORBA data models (CORBA, 7079902) 829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606) 829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614) 829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617) 829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851) 829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872) 829373 - CVE-2012-1723 OpenJDK: insufficient field accessibility checks (HotSpot, 7152811) 829374 - CVE-2012-1724 OpenJDK: XML parsing infinite loop (JAXP, 7157609) 829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial <init> verification (HotSpot, 7160757) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1711.html https://www.redhat.com/security/data/cve/CVE-2012-1713.html https://www.redhat.com/security/data/cve/CVE-2012-1716.html https://www.redhat.com/security/data/cve/CVE-2012-1717.html https://www.redhat.com/security/data/cve/CVE-2012-1718.html https://www.redhat.com/security/data/cve/CVE-2012-1719.html https://www.redhat.com/security/data/cve/CVE-2012-1723.html https://www.redhat.com/security/data/cve/CVE-2012-1724.html https://www.redhat.com/security/data/cve/CVE-2012-1725.html https://access.redhat.com/security/updates/classification/#critical http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.3/NEWS http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP2Ja7XlSAg2UNWIIRAokFAJ9V8VJuhVGk/NeIz9cIUFTWFq0Y/ACfT9AU CU7+p+0KxnampfpTiGqnnPM= =ZEhT -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: uCosminexus Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA49578 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49578/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49578 RELEASE DATE: 2012-06-15 DISCUSS ADVISORY: http://secunia.com/advisories/49578/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49578/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49578 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in uCosminexus products, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java. For more information: SA49472 Please see the vendor's advisory for a list of affected products. ORIGINAL ADVISORY: HS12-015: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-015/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - -- Vendor Response: Oracle has issued an update to correct this vulnerability. More details can be found at: http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.ht ml - -- Disclosure Timeline: 2012-03-14 - Vulnerability reported to vendor 2012-08-17 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Chris Ries - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product

AFFECTED PRODUCTS