Summary: | <dev-java/icedtea{,-bin}-{6.1.11.5,7.2.3.3}: multiple vulnerabilities (CVE-2012-{3216,4416,5068,5069,5070,5071,5072,5073,5074,5075,5076,5077,5081,5084,5085,5086,5087,5089}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Ralph Sennhauser (RETIRED) <sera> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | java, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Ralph Sennhauser (RETIRED)
2012-10-17 21:44:51 UTC
CVE-2012-5089 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX. CVE-2012-5087 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. CVE-2012-5086 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. CVE-2012-5085 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE. CVE-2012-5084 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. CVE-2012-5081 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. CVE-2012-5077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. CVE-2012-5076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS. CVE-2012-5075 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. CVE-2012-5074 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS. CVE-2012-5073 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2012-5072 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security. CVE-2012-5071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. CVE-2012-5070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX. CVE-2012-5069 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. CVE-2012-5068 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2012-4416 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot. CVE-2012-3216 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Now in tree: =dev-java/icedtea-6.1.11.5 =dev-java/icedtea-7.2.3.3 Ebuilds for other branches can be found in java-overlay. Please stabilize: =dev-java/icedtea-bin-6.1.11.5 amd64 stable x86 done, last arch! Thanks, everyone. Already on existing GLSA draft, ready for review. I'm just going to close this since no one cares. These versions have long gone. |