| Summary: | <app-emulation/emul-linux-x86-java-1.6.0.31; <dev-java/sun-{jdk,jre-bin}-1.6.0.31; <dev-java/oracle-{jdk,jre}-bin-1.7.0.3 - multiple vulnerabilities (CVE-2011-{3563,3571,5035}) (CVE-2012-{0497,0498,0499,0500,0501,0502,0503,0504,0505,0506,0508}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Ralph Sennhauser (RETIRED) <sera> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | java, mlspamcb |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html#PatchTable | ||
| Whiteboard: | B1? [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 215614, 404095 | ||
|
Description
Ralph Sennhauser (RETIRED)
2012-02-16 09:05:06 UTC
*** Bug 404085 has been marked as a duplicate of this bug. *** Version bumps are now in tree: * app-emulation/emul-linux-x86-java-1.6.0.31 * dev-java/sun-jdk-1.6.0.31 * dev-java/sun-jre-bin-1.6.0.31 * dev-java/oracle-jdk-bin-1.7.0.3 * dev-java/oracle-jre-bin-1.7.0.3 The following need to be stabilized: * =app-emulation/emul-linux-x86-java-1.6.0.31 (amd64) * =dev-java/sun-jdk-1.6.0.31 (amd64, x86) * =dev-java/sun-jre-bin-1.6.0.31 (amd64, x86) amd64 stable x86 stable Thanks, everyone. New GLSA request filed. CVE-2012-0506 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA. CVE-2012-0505 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. CVE-2012-0504 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism. CVE-2012-0503 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. CVE-2012-0502 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. CVE-2012-0501 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. CVE-2012-0500 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2012-0499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2012-0498 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2012-0497 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2011-3563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound. This issue was resolved and addressed in GLSA 201401-30 at http://security.gentoo.org/glsa/glsa-201401-30.xml by GLSA coordinator Sean Amoss (ackle). |