java: multiple vulnerabilities [LWN.net]

Package(s):

java-1.6.0-openjdk

CVE #(s):

CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506

Created:

February 15, 2012

Updated:

February 6, 2013

Description:

From the Red Hat advisory:

It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)

It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505)

The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571)

It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503)

The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially-crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035)

The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563)

A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502)

It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506)

An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially-crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501)

Alerts:

Red Hat	RHSA-2012:0135-01	2012-02-15
CentOS	CESA-2012:0135	2012-02-15
Scientific Linux	SL-java-20120215	2012-02-15
Fedora	FEDORA-2012-1690	2012-02-15
Oracle	ELSA-2012-0135	2012-02-15
Red Hat	RHSA-2012:0139-01	2012-02-16
Mandriva	MDVSA-2012:021	2012-02-17
Fedora	FEDORA-2012-1711	2012-02-17
Fedora	FEDORA-2012-1721	2012-02-22
Red Hat	RHSA-2012:0322-01	2012-02-21
Ubuntu	USN-1373-1	2012-02-24
Scientific Linux	SL-java-20120227	2012-02-27
openSUSE	openSUSE-SU-2012:0309-1	2012-02-27
Scientific Linux	SL-java-20120228	2012-02-28
SUSE	SUSE-SU-2012:0308-1	2012-02-27
Debian	DSA-2420-1	2012-02-28
Ubuntu	USN-1373-2	2012-03-01
Oracle	ELSA-2012-0322	2012-03-09
Red Hat	RHSA-2012:0508-01	2012-04-23
Red Hat	RHSA-2012:0514-01	2012-04-24
SUSE	SUSE-SU-2012:0602-1	2012-05-09
SUSE	SUSE-SU-2012:0603-1	2012-05-09
Red Hat	RHSA-2012:0702-01	2012-05-30
SUSE	SUSE-SU-2012:0734-1	2012-06-13
SUSE	SUSE-SU-2012:0881-1	2012-07-16
SUSE	SUSE-SU-2012:1013-1	2012-08-21
openSUSE	openSUSE-SU-2012:1323-1	2012-10-10
Fedora	FEDORA-2012-16351	2012-10-18
Fedora	FEDORA-2013-1898	2013-02-05

(Log in to post comments)