Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 340421 - dev-java/sun-jdk, sun-jre-bin, app-emulation/emul-linux-x86-java <1.6.0.22: Multiple vulnerabilities (CVE-2009-3555, CVE-2010-{1321,3541,3548,3549,3550,3551,3552,3553,3554,3555,3556,3557,3558,3559,3560,3561,3562,3563,3565,3566,3567,3568,3569,3570,3571,...
Summary: dev-java/sun-jdk, sun-jre-bin, app-emulation/emul-linux-x86-java <1.6.0.22: M...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://www.oracle.com/technetwork/top...
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks: java-security 340819 CVE-2010-4476
  Show dependency tree
 
Reported: 2010-10-10 20:22 UTC by Vlastimil Babka (Caster) (RETIRED)
Modified: 2011-11-05 10:25 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-10-10 20:22:51 UTC
From $URL:

Oracle Java SE and Java for Business Critical Patch Update Pre-Release Announcement - October 2010

.. which will be released on Tuesday, October 12, 2010.

This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Java SE and Java for Business releases. This Critical Patch Update contains 29 security vulnerability fixes. 

Vulnerabilities fixed by Critical Patch Updates are scored using the standard CVSS 2.0 scoring (see Oracle's Use of CVSS Scoring). The highest CVSS 2.0 base score for vulnerabilities in this Critical Patch Update is 10.
Supported Products Affected

Security vulnerabilities addressed by this Critical Patch Update affect the following products:

    JDK and JRE 6 Update 21 and earlier for Windows, Solaris, and Linux
    JDK and JRE 5.0 Update 25 and earlier for Windows, Solaris and Linux
    SDK and JRE 1.4.2_27 and earlier for Windows, Solaris and Linux

This Critical Patch Update contains 29 new security vulnerability fixes for the Java SE and Java for Business releases. 28 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS base score of vulnerabilities affecting Java SE and Java for Business releases is 10.
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-10-12 21:27:19 UTC
Please stabilize version 1.6.0.22

x86: dev-java/sun-jdk, dev-java/sun-jre-bin
amd64: $x86, app-emulation/emul-linux-x86-java
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-10-13 07:05:44 UTC
x86 stable
Comment 3 Markos Chandras (RETIRED) gentoo-dev 2010-10-13 11:24:03 UTC
amd64 done
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2010-11-18 19:42:08 UTC
CVEs from $URL:

CVE-2009-3555
CVE-2010-1321
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3552
CVE-2010-3553
CVE-2010-3554
CVE-2010-3555
CVE-2010-3556
CVE-2010-3557
CVE-2010-3558
CVE-2010-3559
CVE-2010-3560
CVE-2010-3561
CVE-2010-3562
CVE-2010-3563
CVE-2010-3565
CVE-2010-3566
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3570
CVE-2010-3571
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574

GLSA request filed.
Comment 5 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-03-07 00:06:52 UTC
The original summary for this bug was longer than 255 characters, and so it was truncated when Bugzilla was upgraded. The original summary was:

dev-java/sun-jdk, sun-jre-bin, app-emulation/emul-linux-x86-java <1.6.0.22: Multiple vulnerabilities (CVE-2009-3555, CVE-2010-{1321,3541,3548,3549,3550,3551,3552,3553,3554,3555,3556,3557,3558,3559,3560,3561,3562,3563,3565,3566,3567,3568,3569,3570,3571,3572,3573,3574})
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2011-06-13 17:43:01 UTC
CVE-2010-3574 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574):
  Unspecified vulnerability in the Networking component in Oracle Java SE and
  Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors.  NOTE: the previous information was obtained from the
  October 2010 CPU.  Oracle has not commented on claims from a reliable
  downstream vendor that HttpURLConnection does not properly check for the
  allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE
  requests.

CVE-2010-3573 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573):
  Unspecified vulnerability in the Networking component in Oracle Java SE and
  Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to
  affect confidentiality, integrity, and availability via unknown vectors. 
  NOTE: the previous information was obtained from the October 2010 CPU. 
  Oracle has not commented on claims from a reliable downstream vendor that
  this is related to missing validation of request headers in the
  HttpURLConnection class when they are set by applets, which allows remote
  attackers to bypass the intended security policy.

CVE-2010-3572 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572):
  Unspecified vulnerability in the Sound component in Oracle Java SE and Java
  for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors.

CVE-2010-3571 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571):
  Unspecified vulnerability in the 2D component in Oracle Java SE and Java for
  Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors.  NOTE: the previous information was obtained from the October 2010
  CPU.  Oracle has not commented on claims from a reliable researcher that
  this is an integer overflow in the color profile parser that allows remote
  attackers to execute arbitrary code via a crafted Tag structure in a color
  profile.

CVE-2010-3570 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570):
  Unspecified vulnerability in the Deployment Toolkit component in Oracle Java
  SE and Java for Business 6 Update 21 allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors.

CVE-2010-3569 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569):
  Unspecified vulnerability in the Java Runtime Environment component in
  Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and
  1.4.2_27 allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors.  NOTE: the previous information was
  obtained from the October 2010 CPU.  Oracle has not commented on claims from
  a reliable downstream vendor that this allows remote attackers to execute
  arbitrary code by causing the defaultReadObject method in the Serialization
  API to set a volatile field multiple times.

CVE-2010-3568 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568):
  Unspecified vulnerability in the Java Runtime Environment component in
  Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and
  1.4.2_27 allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors.  NOTE: the previous information was
  obtained from the October 2010 CPU.  Oracle has not commented on claims from
  a reliable downstream vendor that this is a race condition related to
  deserialization.

CVE-2010-3567 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567):
  Unspecified vulnerability in the 2D component in Oracle Java SE and Java for
  Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors.  NOTE: the
  previous information was obtained from the October 2010 CPU.  Oracle has not
  commented on claims from a reliable downstream vendor that this is related
  to a calculation error in right-to-left text character counts for the ICU
  OpenType font rendering implementation, which triggers an out-of-bounds
  memory access.

CVE-2010-3566 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566):
  Unspecified vulnerability in the 2D component in Oracle Java SE and Java for
  Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors.  NOTE: the
  previous information was obtained from the October 2010 CPU.  Oracle has not
  commented on claims from a reliable researcher that this is an integer
  overflow that leads to a buffer overflow via a crafted devs (device
  information) tag structure in a color profile.

CVE-2010-3565 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565):
  Unspecified vulnerability in the 2D component in Oracle Java SE and Java for
  Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to
  affect confidentiality, integrity, and availability via unknown vectors. 
  NOTE: the previous information was obtained from the October 2010 CPU. 
  Oracle has not commented on claims from a reliable researcher that this is
  an integer overflow that triggers memory corruption via large values in a
  subsample of a JPEG image, related to JPEGImageWriter.writeImage in the
  imageio API.

CVE-2010-3563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563):
  Unspecified vulnerability in the Deployment component in Oracle Java SE and
  Java for Business 6 Update 21 allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors. NOTE: the
  previous information was obtained from the October 2010 CPU. Oracle has not
  commented on claims from a reliable researcher that this is related to "how
  Web Start retrieves security policies," BasicServiceImpl, and forged
  policies that bypass sandbox restrictions.

CVE-2010-3562 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562):
  Unspecified vulnerability in the 2D component in Oracle Java SE and Java for
  Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors.  NOTE: the previous information was obtained from the October 2010
  CPU.  Oracle has not commented on claims from a reliable downstream vendor
  that this is a double free vulnerability in IndexColorModel that allows
  remote attackers to cause a denial of service (crash) and possibly execute
  arbitrary code.

CVE-2010-3561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561):
  Unspecified vulnerability in the CORBA component in Oracle Java SE and Java
  for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors.  NOTE: the
  previous information was obtained from the October 2010 CPU.  Oracle has not
  commented on claims from a reliable downstream vendor that this involves the
  use of the privileged accept method in the ServerSocket class, which does
  not limit which hosts can connect and allows remote attackers to bypass
  intended network access restrictions.

CVE-2010-3560 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560):
  Unspecified vulnerability in the Networking component in Oracle Java SE and
  Java for Business 6 Update 21 allows remote attackers to affect
  confidentiality via unknown vectors.

CVE-2010-3559 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559):
  Unspecified vulnerability in the Sound component in Oracle Java SE and Java
  for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors.  NOTE: the previous information was obtained from the
  October 2010 CPU.  Oracle has not commented on claims from a reliable
  researcher that this involves an incorrect sign extension in the
  HeadspaceSoundbank.nGetName function, which allows attackers to execute
  arbitrary code via a crafted BANK record that leads to a buffer overflow.

CVE-2010-3558 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558):
  Unspecified vulnerability in the Java Web Start component in Oracle Java SE
  and Java for Business 6 Update 21 allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors.

CVE-2010-3557 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557):
  Unspecified vulnerability in the Swing component in Oracle Java SE and Java
  for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors.  NOTE: the previous information was obtained from the
  October 2010 CPU.  Oracle has not commented on claims from a reliable
  downstream vendor that this is related to the modification of "behavior and
  state of certain JDK classes" and "mutable static."

CVE-2010-3556 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556):
  Unspecified vulnerability in the 2D component in Oracle Java SE and Java for
  Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors.

CVE-2010-3555 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555):
  Unspecified vulnerability in the Deployment component in Oracle Java SE and
  Java for Business 6 Update 21 allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors. NOTE: the
  previous information was obtained from the January 2011 CPU. Oracle has not
  commented on claims from a reliable third party coordinator that the ActiveX
  Plugin does not properly initialize an object field that is used as a window
  handle, which allows attackers to execute arbitrary code.

CVE-2010-3554 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554):
  Unspecified vulnerability in the CORBA component in Oracle Java SE and Java
  for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors.  NOTE: the previous information was obtained from the
  October 2010 CPU.  Oracle has not commented on claims from a reliable
  downstream vendor that this is related to "permissions granted to certain
  system objects."

CVE-2010-3553 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553):
  Unspecified vulnerability in the Swing component in Oracle Java SE and Java
  for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors.  NOTE: the previous information was obtained from the
  October 2010 CPU.  Oracle has not commented on claims from a reliable
  downstream vendor that this is related to unsafe reflection involving the
  UIDefault.ProxyLazyValue class.

CVE-2010-3552 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552):
  Unspecified vulnerability in the New Java Plug-in component in Oracle Java
  SE and Java for Business 6 Update 21 allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors.

CVE-2010-3551 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551):
  Unspecified vulnerability in the Networking component in Oracle Java SE and
  Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote
  attackers to affect confidentiality via unknown vectors.

CVE-2010-3550 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550):
  Unspecified vulnerability in the Java Web Start component in Oracle Java SE
  and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers
  to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2010-3549 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549):
  Unspecified vulnerability in the Networking component in Oracle Java SE and
  Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors.  NOTE: the previous information was obtained from the
  October 2010 CPU.  Oracle has not commented on claims from a reliable
  downstream vendor that this is an HTTP request splitting vulnerability
  involving the handling of the chunked transfer encoding method by the
  HttpURLConnection class.

CVE-2010-3548 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548):
  Unspecified vulnerability in the Java Naming and Directory Interface (JNDI)
  component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update
  25, and 1.4.2_27 allows remote attackers to affect confidentiality via
  unknown vectors.  NOTE: the previous information was obtained from the
  October 2010 CPU.  Oracle has not commented on claims from a reliable
  downstream vendor that this allows remote attackers to determine internal IP
  addresses or "otherwise-protected internal network names."

CVE-2010-3541 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541):
  Unspecified vulnerability in the Networking component in Oracle Java SE and
  Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors.  NOTE: the previous information was obtained from the
  October 2010 CPU.  Oracle has not commented on claims from a reliable
  downstream vendor that this is related to missing validation of request
  headers in the HttpURLConnection class when they are set by applets, which
  allows remote attackers to bypass the intended security policy.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2011-11-05 10:24:35 UTC
This issue was resolved and addressed in
 GLSA 201111-02 at http://security.gentoo.org/glsa/glsa-201111-02.xml
by GLSA coordinator Alex Legler (a3li).
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2011-11-05 10:25:35 UTC
This issue was resolved and addressed in
 GLSA 201111-02 at http://security.gentoo.org/glsa/glsa-201111-02.xml
by GLSA coordinator Alex Legler (a3li).