rhsa-2012_0730
Vulnerability from csaf_redhat
Published
2012-06-13 13:06
Modified
2024-11-14 12:12
Summary
Red Hat Security Advisory: java-1.6.0-openjdk security update
Notes
Topic
Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.
Multiple flaws were discovered in the CORBA (Common Object Request Broker
Architecture) implementation in Java. A malicious Java application or
applet could use these flaws to bypass Java sandbox restrictions or modify
immutable object data. (CVE-2012-1711, CVE-2012-1719)
It was discovered that the SynthLookAndFeel class from Swing did not
properly prevent access to certain UI elements from outside the current
application context. A malicious Java application or applet could use this
flaw to crash the Java Virtual Machine, or bypass Java sandbox
restrictions. (CVE-2012-1716)
Multiple flaws were discovered in the font manager's layout lookup
implementation. A specially-crafted font file could cause the Java Virtual
Machine to crash or, possibly, execute arbitrary code with the privileges
of the user running the virtual machine. (CVE-2012-1713)
Multiple flaws were found in the way the Java HotSpot Virtual Machine
verified the bytecode of the class file to be executed. A specially-crafted
Java application or applet could use these flaws to crash the Java Virtual
Machine, or bypass Java sandbox restrictions. (CVE-2012-1723,
CVE-2012-1725)
It was discovered that the Java XML parser did not properly handle certain
XML documents. An attacker able to make a Java application parse a
specially-crafted XML file could use this flaw to make the XML parser enter
an infinite loop. (CVE-2012-1724)
It was discovered that the Java security classes did not properly handle
Certificate Revocation Lists (CRL). CRL containing entries with duplicate
certificate serial numbers could have been ignored. (CVE-2012-1718)
It was discovered that various classes of the Java Runtime library could
create temporary files with insecure permissions. A local attacker could
use this flaw to gain access to the content of such temporary files.
(CVE-2012-1717)
This erratum also upgrades the OpenJDK package to IcedTea6 1.10.8. Refer to
the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the CORBA (Common Object Request Broker\nArchitecture) implementation in Java. A malicious Java application or\napplet could use these flaws to bypass Java sandbox restrictions or modify\nimmutable object data. (CVE-2012-1711, CVE-2012-1719)\n\nIt was discovered that the SynthLookAndFeel class from Swing did not\nproperly prevent access to certain UI elements from outside the current\napplication context. A malicious Java application or applet could use this\nflaw to crash the Java Virtual Machine, or bypass Java sandbox\nrestrictions. (CVE-2012-1716)\n\nMultiple flaws were discovered in the font manager\u0027s layout lookup\nimplementation. A specially-crafted font file could cause the Java Virtual\nMachine to crash or, possibly, execute arbitrary code with the privileges\nof the user running the virtual machine. (CVE-2012-1713)\n\nMultiple flaws were found in the way the Java HotSpot Virtual Machine\nverified the bytecode of the class file to be executed. A specially-crafted\nJava application or applet could use these flaws to crash the Java Virtual\nMachine, or bypass Java sandbox restrictions. (CVE-2012-1723,\nCVE-2012-1725)\n\nIt was discovered that the Java XML parser did not properly handle certain\nXML documents. An attacker able to make a Java application parse a\nspecially-crafted XML file could use this flaw to make the XML parser enter\nan infinite loop. (CVE-2012-1724)\n\nIt was discovered that the Java security classes did not properly handle\nCertificate Revocation Lists (CRL). CRL containing entries with duplicate\ncertificate serial numbers could have been ignored. (CVE-2012-1718)\n\nIt was discovered that various classes of the Java Runtime library could\ncreate temporary files with insecure permissions. A local attacker could\nuse this flaw to gain access to the content of such temporary files.\n(CVE-2012-1717)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.8. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2012:0730", "url": "https://access.redhat.com/errata/RHSA-2012:0730" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.8/NEWS", "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.8/NEWS" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html" }, { "category": "external", "summary": "829354", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829354" }, { "category": "external", "summary": "829358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829358" }, { "category": "external", "summary": "829360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829360" }, { "category": "external", "summary": "829361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829361" }, { "category": "external", "summary": "829371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829371" }, { "category": "external", "summary": "829372", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829372" }, { "category": "external", "summary": "829373", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829373" }, { "category": "external", "summary": "829374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829374" }, { "category": "external", "summary": "829376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829376" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0730.json" } ], "title": "Red Hat Security Advisory: java-1.6.0-openjdk security update", "tracking": { "current_release_date": "2024-11-14T12:12:34+00:00", "generator": { "date": "2024-11-14T12:12:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2012:0730", "initial_release_date": "2012-06-13T13:06:00+00:00", "revision_history": [ { "date": "2012-06-13T13:06:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2012-06-13T13:09:38+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T12:12:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.27.1.10.8.el5_8?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.27.1.10.8.el5_8?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.27.1.10.8.el5_8?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.27.1.10.8.el5_8?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.27.1.10.8.el5_8?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.27.1.10.8.el5_8?arch=i386\u0026epoch=1" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.27.1.10.8.el5_8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.27.1.10.8.el5_8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.27.1.10.8.el5_8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.27.1.10.8.el5_8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.27.1.10.8.el5_8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.27.1.10.8.el5_8?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.27.1.10.8.el5_8?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "relates_to_product_reference": "5Server-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "relates_to_product_reference": "5Server-5.8.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-1711", "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829354" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: improper protection of CORBA data models (CORBA, 7079902)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1711" }, { "category": "external", "summary": "RHBZ#829354", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829354" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1711", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1711" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1711", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1711" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-06-13T13:06:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0730" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: improper protection of CORBA data models (CORBA, 7079902)" }, { "cve": "CVE-2012-1713", "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829361" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1713" }, { "category": "external", "summary": "RHBZ#829361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829361" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1713", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1713" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1713", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1713" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-06-13T13:06:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0730" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)" }, { "cve": "CVE-2012-1716", "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829360" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1716" }, { "category": "external", "summary": "RHBZ#829360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829360" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1716", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1716" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1716", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1716" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-06-13T13:06:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0730" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)" }, { "cve": "CVE-2012-1717", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829358" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insecure temporary file permissions (JRE, 7143606)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1717" }, { "category": "external", "summary": "RHBZ#829358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829358" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1717", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1717" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-06-13T13:06:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0730" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: insecure temporary file permissions (JRE, 7143606)" }, { "cve": "CVE-2012-1718", "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829372" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1718" }, { "category": "external", "summary": "RHBZ#829372", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829372" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1718", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1718" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-06-13T13:06:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0730" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)" }, { "cve": "CVE-2012-1719", "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829371" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1719" }, { "category": "external", "summary": "RHBZ#829371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1719", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1719" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-06-13T13:06:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0730" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)" }, { "cve": "CVE-2012-1723", "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829373" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient field accessibility checks (HotSpot, 7152811)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1723" }, { "category": "external", "summary": "RHBZ#829373", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829373" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1723", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1723" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1723", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1723" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-06-13T13:06:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0730" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-03T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient field accessibility checks (HotSpot, 7152811)" }, { "cve": "CVE-2012-1724", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829374" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: XML parsing infinite loop (JAXP, 7157609)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1724" }, { "category": "external", "summary": "RHBZ#829374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829374" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1724", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1724" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-06-13T13:06:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0730" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: XML parsing infinite loop (JAXP, 7157609)" }, { "cve": "CVE-2012-1725", "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829376" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient invokespecial \u003cinit\u003e verification (HotSpot, 7160757)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1725" }, { "category": "external", "summary": "RHBZ#829376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829376" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1725", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1725" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1725", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1725" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-06-13T13:06:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0730" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Client-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Client-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.src", "5Server-5.8.Z:java-1.6.0-openjdk-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.i386", "5Server-5.8.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.27.1.10.8.el5_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient invokespecial \u003cinit\u003e verification (HotSpot, 7160757)" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.