rhsa-2012_0322
Vulnerability from csaf_redhat
Published: 2012-02-21 21:57
Modified: 2024-11-14 11:30
Summary: Red Hat Security Advisory: java-1.6.0-openjdk security update
Notes
Topic
Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

It was discovered that Java2D did not properly check graphics rendering
objects before passing them to the native renderer. Malicious input, or an
untrusted Java application or applet could use this flaw to crash the Java
Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)

It was discovered that the exception thrown on deserialization failure did
not always contain a proper identification of the cause of the failure. An
untrusted Java application or applet could use this flaw to bypass Java
sandbox restrictions. (CVE-2012-0505)

The AtomicReferenceArray class implementation did not properly check if
the array was of the expected Object[] type. A malicious Java application
or applet could use this flaw to bypass Java sandbox restrictions.
(CVE-2011-3571)

It was discovered that the use of TimeZone.setDefault() was not restricted
by the SecurityManager, allowing an untrusted Java application or applet to
set a new default time zone, and hence bypass Java sandbox restrictions.
(CVE-2012-0503)

The HttpServer class did not limit the number of headers read from HTTP
requests. A remote attacker could use this flaw to make an application
using HttpServer use an excessive amount of CPU time via a
specially-crafted request. This update introduces a header count limit
controlled using the sun.net.httpserver.maxReqHeaders property. The default
value is 200. (CVE-2011-5035)

The Java Sound component did not properly check buffer boundaries.
Malicious input, or an untrusted Java application or applet could use this
flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion
of its memory. (CVE-2011-3563)

A flaw was found in the AWT KeyboardFocusManager that could allow an
untrusted Java application or applet to acquire keyboard focus and possibly
steal sensitive information. (CVE-2012-0502)

It was discovered that the CORBA (Common Object Request Broker
Architecture) implementation in Java did not properly protect repository
identifiers on certain CORBA objects. This could have been used to modify
immutable object data. (CVE-2012-0506)

An off-by-one flaw, causing a stack overflow, was found in the unpacker for
ZIP files. A specially-crafted ZIP archive could cause the Java Virtual
Machine (JVM) to crash when opened. (CVE-2012-0501)

This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nIt was discovered that Java2D did not properly check graphics rendering\nobjects before passing them to the native renderer. Malicious input, or an\nuntrusted Java application or applet could use this flaw to crash the Java\nVirtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that the exception thrown on deserialization failure did\nnot always contain a proper identification of the cause of the failure. An\nuntrusted Java application or applet could use this flaw to bypass Java\nsandbox restrictions. (CVE-2012-0505)\n\nThe AtomicReferenceArray class implementation did not properly check if\nthe array was of the expected Object[] type. 
A malicious Java application\nor applet could use this flaw to bypass Java sandbox restrictions.\n(CVE-2011-3571)\n\nIt was discovered that the use of TimeZone.setDefault() was not restricted\nby the SecurityManager, allowing an untrusted Java application or applet to\nset a new default time zone, and hence bypass Java sandbox restrictions.\n(CVE-2012-0503)\n\nThe HttpServer class did not limit the number of headers read from HTTP\nrequests. A remote attacker could use this flaw to make an application\nusing HttpServer use an excessive amount of CPU time via a\nspecially-crafted request. This update introduces a header count limit\ncontrolled using the sun.net.httpserver.maxReqHeaders property. The default\nvalue is 200. (CVE-2011-5035)\n\nThe Java Sound component did not properly check buffer boundaries.\nMalicious input, or an untrusted Java application or applet could use this\nflaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion\nof its memory. (CVE-2011-3563)\n\nA flaw was found in the AWT KeyboardFocusManager that could allow an\nuntrusted Java application or applet to acquire keyboard focus and possibly\nsteal sensitive information. (CVE-2012-0502)\n\nIt was discovered that the CORBA (Common Object Request Broker\nArchitecture) implementation in Java did not properly protect repository\nidentifiers on certain CORBA objects. This could have been used to modify\nimmutable object data. (CVE-2012-0506)\n\nAn off-by-one flaw, causing a stack overflow, was found in the unpacker for\nZIP files. A specially-crafted ZIP archive could cause the Java Virtual\nMachine (JVM) to crash when opened. (CVE-2012-0501)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2012:0322", "url": "https://access.redhat.com/errata/RHSA-2012:0322" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS", "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" }, { "category": "external", "summary": "788606", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=788606" }, { "category": "external", "summary": "788624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=788624" }, { "category": "external", "summary": "788976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=788976" }, { "category": "external", "summary": "788994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=788994" }, { 
"category": "external", "summary": "789295", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789295" }, { "category": "external", "summary": "789297", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789297" }, { "category": "external", "summary": "789299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789299" }, { "category": "external", "summary": "789300", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789300" }, { "category": "external", "summary": "789301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789301" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0322.json" } ], "title": "Red Hat Security Advisory: java-1.6.0-openjdk security update", "tracking": { "current_release_date": "2024-11-14T11:30:43+00:00", "generator": { "date": "2024-11-14T11:30:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2012:0322", "initial_release_date": "2012-02-21T21:57:00+00:00", "revision_history": [ { "date": "2012-02-21T21:57:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2012-02-21T21:57:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T11:30:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 
5 server)", "product_id": "5Server-5.8.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.25.1.10.6.el5_8?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.25.1.10.6.el5_8?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.25.1.10.6.el5_8?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.25.1.10.6.el5_8?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product": { "name": 
"java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.25.1.10.6.el5_8?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.25.1.10.6.el5_8?arch=i386\u0026epoch=1" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.25.1.10.6.el5_8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.25.1.10.6.el5_8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.25.1.10.6.el5_8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": 
"java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.25.1.10.6.el5_8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.25.1.10.6.el5_8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.25.1.10.6.el5_8?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.25.1.10.6.el5_8?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 
5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 
5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 
5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 
5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386 as a component of Red Hat Enterprise Linux (v. 
5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386 as a component of Red Hat Enterprise Linux (v. 
5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386 as a component of Red Hat Enterprise Linux (v. 
5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "relates_to_product_reference": "5Server-5.8.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-3563", "discovery_date": "2012-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "789295" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3563" }, { "category": "external", "summary": "RHBZ#789295", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789295" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3563", 
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3563" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3563", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3563" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" } ], "release_date": "2012-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", 
"5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0322" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)" }, { "cve": "CVE-2011-3571", "discovery_date": "2012-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "788994" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. 
NOTE: this CVE identifier was accidentally used for a Concurrency issue in Java Runtime Environment, but that issue has been reassigned to CVE-2012-0507.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3571" }, { "category": "external", "summary": "RHBZ#788994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=788994" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3571", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3571" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3571", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3571" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" } ], "release_date": "2012-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", 
"5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0322" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)" }, { "cve": "CVE-2011-5035", "discovery_date": "2011-11-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "771283" } ], "notes": [ { "category": "description", "text": "Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.", "title": "Vulnerability description" }, { "category": "summary", "text": "GlassFish: hash table collisions CPU usage DoS (oCERT-2011-003)", "title": "Vulnerability summary" }, { "category": "other", "text": "Not vulnerable. This issue affects the GlassFish Web Container component. This\ncomponent is not shipped with any Red Hat products. 
JBoss Web and Tomcat\nprovide the web container used in all JBoss products.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-5035" }, { "category": "external", "summary": "RHBZ#771283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=771283" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-5035", "url": "https://www.cve.org/CVERecord?id=CVE-2011-5035" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-5035", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5035" } ], "release_date": "2011-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", 
"5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0322" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "GlassFish: hash table collisions CPU usage DoS (oCERT-2011-003)" }, { "cve": "CVE-2012-0497", "discovery_date": "2012-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "789301" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0497" }, { "category": "external", "summary": "RHBZ#789301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0497", 
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0497" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0497", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0497" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" } ], "release_date": "2012-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", 
"5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0322" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)" }, { "cve": "CVE-2012-0501", "cwe": { "id": "CWE-193", "name": "Off-by-one Error" }, "discovery_date": "2012-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "788624" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)", "title": 
"Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", 
"5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0501" }, { "category": "external", "summary": "RHBZ#788624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=788624" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0501", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0501" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0501", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0501" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" } ], "release_date": "2012-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", 
"5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0322" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)" }, { "cve": "CVE-2012-0502", "discovery_date": "2012-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "789297" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0502" }, { "category": "external", "summary": "RHBZ#789297", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789297" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0502", 
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0502" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0502", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0502" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" } ], "release_date": "2012-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", 
"5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0322" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)" }, { "cve": "CVE-2012-0503", "discovery_date": "2012-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "788976" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unrestricted use of 
TimeZone.setDefault() (i18n, 7110687)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0503" }, { "category": "external", "summary": "RHBZ#788976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=788976" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0503", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0503" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0503", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0503" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" } ], "release_date": "2012-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", 
"5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0322" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)" }, { "cve": "CVE-2012-0505", "discovery_date": "2012-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "789299" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", 
"5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0505" }, { "category": "external", "summary": "RHBZ#789299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789299" }, { 
"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0505", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0505" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0505", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0505" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" } ], "release_date": "2012-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0322" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", 
"5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)" }, { "cve": "CVE-2012-0506", "discovery_date": "2012-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "789300" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.", "title": "Vulnerability 
description" }, { "category": "summary", "text": "OpenJDK: mutable repository identifiers (CORBA, 7110704)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", 
"5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0506" }, { "category": "external", "summary": "RHBZ#789300", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789300" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0506", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0506" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0506", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0506" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" } ], "release_date": "2012-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", 
"5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0322" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: mutable repository identifiers (CORBA, 7110704)" }, { "cve": "CVE-2012-0507", "discovery_date": "2012-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "788994" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. 
NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", 
"5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0507" }, { "category": "external", "summary": "RHBZ#788994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=788994" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0507", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0507" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0507", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0507" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2012-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-02-21T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", 
"5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0322" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386", 
"5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-03T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)" } ] }