Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC

Bug 404071 (CVE-2011-3563)

Summary: <app-emulation/emul-linux-x86-java-1.6.0.31; <dev-java/sun-{jdk,jre-bin}-1.6.0.31; <dev-java/oracle-{jdk,jre}-bin-1.7.0.3 - multiple vulnerabilities (CVE-2011-{3563,3571,5035}) (CVE-2012-{0497,0498,0499,0500,0501,0502,0503,0504,0505,0506,0508})
Product: Gentoo Security Reporter: Ralph Sennhauser (RETIRED) <sera>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: java, mlspamcb
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html#PatchTable
Whiteboard: B1? [glsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 215614, 404095    

Description Ralph Sennhauser (RETIRED) gentoo-dev 2012-02-16 09:05:06 UTC
See url and https://secunia.com/advisories/48009/

Will bump the affected packages.
Comment 1 Agostino Sarubbo gentoo-dev 2012-02-16 10:24:02 UTC
*** Bug 404085 has been marked as a duplicate of this bug. ***
Comment 2 Ralph Sennhauser (RETIRED) gentoo-dev 2012-02-16 12:18:11 UTC
Version bumps are now in tree:
* app-emulation/emul-linux-x86-java-1.6.0.31
* dev-java/sun-jdk-1.6.0.31
* dev-java/sun-jre-bin-1.6.0.31
* dev-java/oracle-jdk-bin-1.7.0.3
* dev-java/oracle-jre-bin-1.7.0.3

The following need to be stabilized:
* =app-emulation/emul-linux-x86-java-1.6.0.31  (amd64)
* =dev-java/sun-jdk-1.6.0.31                   (amd64, x86)
* =dev-java/sun-jre-bin-1.6.0.31               (amd64, x86)
Comment 3 Agostino Sarubbo gentoo-dev 2012-02-17 21:54:17 UTC
amd64 stable
Comment 4 PaweĊ‚ Hajdan, Jr. (RETIRED) gentoo-dev 2012-02-18 15:08:08 UTC
x86 stable
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-02-18 21:32:47 UTC
Thanks, everyone. New GLSA request filed.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-02-20 05:08:31 UTC
CVE-2012-0506 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update
  33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web
  Start applications and untrusted Java applets to affect integrity via
  unknown vectors related to CORBA.

CVE-2012-0505 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33
  and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start
  applications and untrusted Java applets to affect confidentiality,
  integrity, and availability via unknown vectors related to Serialization.

CVE-2012-0504 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Install and the Java Update mechanism.

CVE-2012-0503 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update
  33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web
  Start applications and untrusted Java applets to affect confidentiality,
  integrity, and availability, related to I18n.

CVE-2012-0502 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update
  33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web
  Start applications and untrusted Java applets to affect confidentiality and
  availability, related to AWT.

CVE-2012-0501 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0
  Update 33 and earlier allows remote attackers to affect availability via
  unknown vectors.

CVE-2012-0500 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX
  2.0.2 and earlier allows remote untrusted Java Web Start applications and
  untrusted Java applets to affect confidentiality, integrity, and
  availability via unknown vectors related to Deployment.

CVE-2012-0499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update
  33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier;
  allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors related to 2D.

CVE-2012-0498 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0
  Update 33 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to 2D.

CVE-2012-0497 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to 2D.

CVE-2011-3563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update
  33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect
  confidentiality and availability via unknown vectors related to Sound.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-01-27 01:27:37 UTC
This issue was resolved and addressed in
 GLSA 201401-30 at http://security.gentoo.org/glsa/glsa-201401-30.xml
by GLSA coordinator Sean Amoss (ackle).