java: multiple vulnerabilities [LWN.net]

Package(s):

java-1.6.0-openjdk

CVE #(s):

CVE-2012-0547 CVE-2012-1682

Created:

September 4, 2012

Updated:

October 19, 2012

Description:

From the Red Hat advisory:

It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. (CVE-2012-1682)

A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions. (CVE-2012-0547)

Alerts:

Red Hat	RHSA-2012:1221-01	2012-09-03
Red Hat	RHSA-2012:1222-01	2012-09-03
Red Hat	RHSA-2012:1223-01	2012-09-03
Red Hat	RHSA-2012:1225-01	2012-09-04
CentOS	CESA-2012:1221	2012-09-03
CentOS	CESA-2012:1222	2012-09-03
CentOS	CESA-2012:1223	2012-09-03
Ubuntu	USN-1553-1	2012-09-03
Oracle	ELSA-2012-1221	2012-09-03
Oracle	ELSA-2012-1223	2012-09-03
Scientific Linux	SL-java-20120904	2012-09-04
Scientific Linux	SL-java-20120904	2012-09-04
Scientific Linux	SL-java-20120904	2012-09-04
Mageia	MGASA-2012-0252	2012-09-04
Oracle	ELSA-2012-1222	2012-09-04
Mageia	MGASA-2012-0260	2012-09-08
Mandriva	MDVSA-2012:150	2012-09-10
openSUSE	openSUSE-SU-2012:1154-1	2012-09-12
SUSE	SUSE-SU-2012:1148-1	2012-09-12
openSUSE	openSUSE-SU-2012:1175-1	2012-09-14
Red Hat	RHSA-2012:1289-01	2012-09-18
Fedora	FEDORA-2012-13127	2012-09-19
SUSE	SUSE-SU-2012:1231-1	2012-09-25
Mandriva	MDVSA-2012:150-1	2012-10-05
Red Hat	RHSA-2012:1392-01	2012-10-18
Scientific Linux	SL-java-20121030	2012-10-30
Red Hat	RHSA-2012:1466-01	2012-11-15

(Log in to post comments)