Bug 404071 (CVE-2011-3563) - <app-emulation/emul-linux-x86-java-1.6.0.31; <dev-java/sun-{jdk,jre-bin}-1.6.0.31; <dev-java/oracle-{jdk,jre}-bin-1.7.0.3 - multiple vulnerabilities (CVE-2011-{3563,3571,5035}) (CVE-2012-{0497,0498,0499,0500,0501,0502,0503,0504,0505,0506,0508})
Status: RESOLVED FIXED
Alias: CVE-2011-3563
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL: http://www.oracle.com/technetwork/top...
Whiteboard: B1? [glsa]
Keywords:
: 404085
Depends on:
Blocks: java-security 404095
Reported: 2012-02-16 09:05 UTC by Ralph Sennhauser (RETIRED)
Modified: 2014-01-27 01:27 UTC

See Also:
Package list:
Runtime testing required: ---

Description Ralph Sennhauser (RETIRED) gentoo-dev 2012-02-16 09:05:06 UTC
See url and https://secunia.com/advisories/48009/

Will bump the affected packages.
Comment 1 Agostino Sarubbo gentoo-dev 2012-02-16 10:24:02 UTC
*** Bug 404085 has been marked as a duplicate of this bug. ***
Comment 2 Ralph Sennhauser (RETIRED) gentoo-dev 2012-02-16 12:18:11 UTC
Version bumps are now in tree:
* app-emulation/emul-linux-x86-java-1.6.0.31
* dev-java/sun-jdk-1.6.0.31
* dev-java/sun-jre-bin-1.6.0.31
* dev-java/oracle-jdk-bin-1.7.0.3
* dev-java/oracle-jre-bin-1.7.0.3

The following need to be stabilized:
* =app-emulation/emul-linux-x86-java-1.6.0.31  (amd64)
* =dev-java/sun-jdk-1.6.0.31                   (amd64, x86)
* =dev-java/sun-jre-bin-1.6.0.31               (amd64, x86)
Comment 3 Agostino Sarubbo gentoo-dev 2012-02-17 21:54:17 UTC
amd64 stable
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-02-18 15:08:08 UTC
x86 stable
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-02-18 21:32:47 UTC
Thanks, everyone. New GLSA request filed.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-02-20 05:08:31 UTC
CVE-2012-0506 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update
  33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web
  Start applications and untrusted Java applets to affect integrity via
  unknown vectors related to CORBA.

CVE-2012-0505 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33
  and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start
  applications and untrusted Java applets to affect confidentiality,
  integrity, and availability via unknown vectors related to Serialization.

CVE-2012-0504 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Install and the Java Update mechanism.

CVE-2012-0503 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update
  33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web
  Start applications and untrusted Java applets to affect confidentiality,
  integrity, and availability, related to I18n.

CVE-2012-0502 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update
  33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web
  Start applications and untrusted Java applets to affect confidentiality and
  availability, related to AWT.

CVE-2012-0501 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0
  Update 33 and earlier allows remote attackers to affect availability via
  unknown vectors.

CVE-2012-0500 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX
  2.0.2 and earlier allows remote untrusted Java Web Start applications and
  untrusted Java applets to affect confidentiality, integrity, and
  availability via unknown vectors related to Deployment.

CVE-2012-0499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update
  33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier;
  allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors related to 2D.

CVE-2012-0498 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0
  Update 33 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to 2D.

CVE-2012-0497 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to 2D.

CVE-2011-3563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update
  33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect
  confidentiality and availability via unknown vectors related to Sound.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-01-27 01:27:37 UTC
This issue was resolved and addressed in
 GLSA 201401-30 at http://security.gentoo.org/glsa/glsa-201401-30.xml
by GLSA coordinator Sean Amoss (ackle).