ID

VAR-201302-0407

CVE

CVE-2013-1480

TITLE

Oracle Java contains multiple vulnerabilities

DESCRIPTION

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. (DoS) An attack may be carried out. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Java AWT Image Transform library functions. For certain image transformation functions, Java fails to take the 'numBands' into account during the allocation of heap memory and instead uses a static value of 0x4. The allocated memory is later written to inside a loop that uses the 'numBands' value which can result in a memory corruption. This can lead to remote code execution under the context of the current process. Note: This issue was previously discussed in BID 57670 (Oracle Java Runtime Environment Multiple Security Vulnerabilities) but has been given its own record to better document it. This vulnerability affects the following supported versions: 7 Update 11, 6 Update 38, 5.0 Update 38, 1.4.2_40. It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZQ6mmqjQ0CJFipgRArrgAKCPZMbOA1UtXaG4tQd9CKEggT1x/gCfYfXv 8XJUrvALufbbaHuyChk9zik= =TGuI -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:010 http://www.mandriva.com/security/ _______________________________________________________________________ Package : java-1.6.0-openjdk Date : February 11, 2013 Affected: 2011., Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple security issues were identified and fixed in OpenJDK (icedtea6): * S6563318, CVE-2013-0424: RMI data sanitization * S6664509, CVE-2013-0425: Add logging context * S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time * S6776941: CVE-2013-0427: Improve thread pool shutdown * S7141694, CVE-2013-0429: Improving CORBA internals * S7173145: Improve in-memory representation of splashscreens * S7186945: Unpack200 improvement * S7186946: Refine unpacker resource usage * S7186948: Improve Swing data validation * S7186952, CVE-2013-0432: Improve clipboard access * S7186954: Improve connection performance * S7186957: Improve Pack200 data validation * S7192392, CVE-2013-0443: Better validation of client keys * S7192393, CVE-2013-0440: Better Checking of order of TLS Messages * S7192977, CVE-2013-0442: Issue in toolkit thread * S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies * S7200491: Tighten up JTable layout code * S7200500: Launcher better input validation * S7201064: Better dialogue checking * S7201066, CVE-2013-0441: Change modifiers on unused fields * S7201068, CVE-2013-0435: Better handling of UI elements * S7201070: Serialization to conform to protocol * S7201071, CVE-2013-0433: InetSocketAddress serialization issue * S8000210: Improve JarFile code quality * S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class * S8000540, CVE-2013-1475: Improve IIOP type reuse management * S8000631, CVE-2013-1476: Restrict access to class constructor * S8001235, CVE-2013-0434: Improve JAXP HTTP handling * S8001242: Improve RMI HTTP conformance * S8001307: Modify ACC_SUPER behavior * S8001972, CVE-2013-1478: Improve image processing * S8002325, CVE-2013-1480: Improve management of images * Backports * S7010849: 5/5 Extraneous javac source/target options when building sa-jdi The updated packages provides icedtea6-1.11.6 which is not vulnerable to these issues. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.7.0-openjdk security update Advisory ID: RHSA-2013:0247-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0247.html Issue date: 2013-02-08 CVE Names: CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 ===================================================================== 1. Summary: Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. Description: These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0444) Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges. (CVE-2013-1478, CVE-2013-1480) A flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432) The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435) Multiple improper permission check issues were discovered in the JMX, Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434) It was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424) It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2013-0440) It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443) This erratum also upgrades the OpenJDK package to IcedTea7 2.3.5. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393) 860652 - CVE-2013-1475 OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50) 906447 - CVE-2013-0431 OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52) 906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318) 906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068) 906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972) 906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977) 906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057) 906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325) 906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537) 907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29) 907218 - CVE-2013-0444 OpenJDK: MethodFinder insufficient checks for cached results (Beans, 7200493) 907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952) 907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392) 907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509) 907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528) 907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235) 907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941) 907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) 907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631) 907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066) 907460 - CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.src.rpm i386: java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.i386.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.i386.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.i386.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.i386.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.src.rpm i386: java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.i386.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.i386.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.i386.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.i386.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm i386: java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.i686.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.i686.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm i386: java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.i686.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm i386: java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.i686.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0424.html https://www.redhat.com/security/data/cve/CVE-2013-0425.html https://www.redhat.com/security/data/cve/CVE-2013-0426.html https://www.redhat.com/security/data/cve/CVE-2013-0427.html https://www.redhat.com/security/data/cve/CVE-2013-0428.html https://www.redhat.com/security/data/cve/CVE-2013-0429.html https://www.redhat.com/security/data/cve/CVE-2013-0431.html https://www.redhat.com/security/data/cve/CVE-2013-0432.html https://www.redhat.com/security/data/cve/CVE-2013-0433.html https://www.redhat.com/security/data/cve/CVE-2013-0434.html https://www.redhat.com/security/data/cve/CVE-2013-0435.html https://www.redhat.com/security/data/cve/CVE-2013-0440.html https://www.redhat.com/security/data/cve/CVE-2013-0441.html https://www.redhat.com/security/data/cve/CVE-2013-0442.html https://www.redhat.com/security/data/cve/CVE-2013-0443.html https://www.redhat.com/security/data/cve/CVE-2013-0444.html https://www.redhat.com/security/data/cve/CVE-2013-0445.html https://www.redhat.com/security/data/cve/CVE-2013-0450.html https://www.redhat.com/security/data/cve/CVE-2013-1475.html https://www.redhat.com/security/data/cve/CVE-2013-1476.html https://www.redhat.com/security/data/cve/CVE-2013-1478.html https://www.redhat.com/security/data/cve/CVE-2013-1480.html https://access.redhat.com/security/updates/classification/#important http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.5/NEWS 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRFVXMXlSAg2UNWIIRAvzmAJsEIinMVfUD8oFejiNBbKBOxDtgqwCePy0t WzOE5rFNiST5oFX5kr3mRQA= =+39R -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Oracle Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA52064 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52064/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52064 RELEASE DATE: 2013-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/52064/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52064/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52064 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) An unspecified error in the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code. 2) An unspecified error in the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code. 5) An unspecified error in the AWT component of the client and server deployment can be exploited to potentially execute arbitrary code. 23) An unspecified error in the Deployment component of the client deployment can be exploited to disclose and manipulate certain data and cause a DoS. 24) An unspecified error in the Install component of the client deployment can be exploited by a local user to gain escalated privileges. 25) An unspecified error in the AWT component of the client deployment can be exploited to disclose and manipulate certain data. 26) An unspecified error in the Deployment component of the client deployment can be exploited to disclose certain data. 27) An unspecified error in the Deployment component of the client deployment can be exploited to manipulate certain data. 28) An unspecified error in the JAX-WS component of the client deployment can be exploited to disclose certain data. 29) An unspecified error in the JAXP component of the client deployment can be exploited to disclose certain data. 30) An unspecified error in the JMX component of the client deployment can be exploited to disclose certain data. 31) An unspecified error in the JMX component of the client deployment can be exploited to disclose certain data. 32) An unspecified error in the Libraries component of the client deployment can be exploited to manipulate certain data. 33) An unspecified error in the Libraries component of the client deployment can be exploited to manipulate certain data. 34) An unspecified error in the Networking component of the client deployment can be exploited to manipulate certain data. 35) An unspecified error in the RMI component of the client deployment can be exploited to manipulate certain data. 36) An unspecified error in the JSSE component of the server deployment can be exploited via SSL/TLS to cause a DoS. 37) An unspecified error in the Deployment component of the client deployment can be exploited to disclose certain data. 38) An unspecified error in the JSSE component of the client deployment can be exploited via SSL/TLS to disclose and manipulate certain data. The vulnerabilities are reported in the following products: * JDK and JRE 7 Update 11 and earlier. * JDK and JRE 6 Update 38 and earlier. * JDK and JRE 5.0 Update 38 and earlier. * SDK and JRE 1.4.2_40 and earlier. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: One of the vulnerabilities is reported as a 0-day. It is currently unclear who reported the remaining vulnerabilities as the Oracle Jave SE Critical Patch Update for February 2013 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS