
Bug 438750 (CVE-2012-3216)

Summary: <dev-java/icedtea{,-bin}-{6.1.11.5,7.2.3.3}: multiple vulnerabilities (CVE-2012-{3216,4416,5068,5069,5070,5071,5072,5073,5074,5075,5076,5077,5081,5084,5085,5086,5087,5089})
Product: Gentoo Security
Reporter: Ralph Sennhauser (RETIRED) <sera>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: java, proxy-maint
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Ralph Sennhauser (RETIRED) gentoo-dev 2012-10-17 21:44:51 UTC
New security releases are available for IcedTea 6:
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-October/020556.html
and IcedTea 7:
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-October/020571.html
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-10-17 23:14:02 UTC
CVE-2012-5089 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0
  Update 36 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability, related to JMX.

CVE-2012-5087 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Beans.

CVE-2012-5086 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Beans.

CVE-2012-5085 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users
  to have an unspecified impact via unknown vectors related to Networking. 
  NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so,
  then this is not a vulnerability and this issue should not be included in
  CVE.

CVE-2012-5084 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Swing.

CVE-2012-5081 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect
  availability, related to JSSE.

CVE-2012-5077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect
  confidentiality via unknown vectors related to Security.

CVE-2012-5076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability, related to JAX-WS.

CVE-2012-5075 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0
  Update 36 and earlier allows remote attackers to affect confidentiality,
  related to JMX.

CVE-2012-5074 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect
  confidentiality and integrity, related to JAX-WS.

CVE-2012-5073 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect
  integrity via unknown vectors related to Libraries.

CVE-2012-5072 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows
  remote attackers to affect confidentiality via unknown vectors related to
  Security.

CVE-2012-5071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0
  Update 36 and earlier allows remote attackers to affect confidentiality and
  integrity, related to JMX.

CVE-2012-5070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect
  confidentiality, related to JMX.

CVE-2012-5069 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0
  Update 36 and earlier allows remote attackers to affect confidentiality and
  integrity via unknown vectors related to Concurrency.

CVE-2012-5068 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Libraries.

CVE-2012-4416 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows
  remote attackers to affect confidentiality and integrity via unknown vectors
  related to Hotspot.

CVE-2012-3216 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect
  confidentiality via unknown vectors related to Libraries.
Comment 2 Ralph Sennhauser (RETIRED) gentoo-dev 2012-10-18 15:47:33 UTC
Now in tree:
=dev-java/icedtea-6.1.11.5
=dev-java/icedtea-7.2.3.3

Ebuilds for other branches can be found in java-overlay.
Comment 3 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2012-10-20 21:48:37 UTC
Please stabilize:

=dev-java/icedtea-bin-6.1.11.5
Comment 4 Agostino Sarubbo gentoo-dev 2012-10-21 10:31:58 UTC
amd64 stable
Comment 5 Andreas Schürch gentoo-dev 2012-10-31 14:25:08 UTC
x86 done, last arch!
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2012-11-02 00:25:01 UTC
Thanks, everyone.

Already on existing GLSA draft, ready for review.
Comment 7 James Le Cuirot gentoo-dev 2015-05-10 21:37:58 UTC
I'm just going to close this since no one cares. These versions have long gone.