Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 438706 (CVE-2012-1531) - <app-emulation/emul-linux-x86-java-1.6.0.37; <dev-java/sun-{jdk,jre-bin}-1.6.0.37; <dev-java/oracle-{jdk,jre}-bin-1.7.0.9: multiple vulnerabilities (CVE-2012-{1531,1532,1533,3143,3159,3216,4416,5067,5068,5069,5070,5071,5072,5073,5074,5075,5076,5077,...})
Summary: <app-emulation/emul-linux-x86-java-1.6.0.37; <dev-java/sun-{jdk,jre-bin}-1.6....
Status: RESOLVED FIXED
Alias: CVE-2012-1531
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.oracle.com/technetwork/top...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-10-17 14:06 UTC by Ralph Sennhauser (RETIRED)
Modified: 2014-01-27 01:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Sennhauser (RETIRED) gentoo-dev 2012-10-17 14:06:58 UTC
Another security release from Oracle. See URL. Version bumps follow.
Comment 1 Ralph Sennhauser (RETIRED) gentoo-dev 2012-10-17 16:05:43 UTC
Added to tree:
=app-emulation/emul-linux-x86-java-1.6.0.37
=dev-java/sun-jdk-1.6.0.37
=dev-java/sun-jre-bin-1.6.0.37
=dev-java/oracle-jdk-bin-1.7.0.9
=dev-java/oracle-jre-bin-1.7.0.9

@Amd64: please stabilize:
=app-emulation/emul-linux-x86-java-1.6.0.37
=dev-java/sun-jdk-1.6.0.37
=dev-java/sun-jre-bin-1.6.0.37

@x86: please stabilize:
=dev-java/sun-jdk-1.6.0.37
=dev-java/sun-jre-bin-1.6.0.37
=dev-java/oracle-jdk-bin-1.7.0.9
=dev-java/oracle-jre-bin-1.7.0.9
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2012-10-17 22:44:05 UTC
CVE-2012-5089 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0
  Update 36 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability, related to JMX.

CVE-2012-5088 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Libraries.

CVE-2012-5087 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Beans.

CVE-2012-5086 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Beans.

CVE-2012-5085 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users
  to have an unspecified impact via unknown vectors related to Networking. 
  NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so,
  then this is not a vulnerability and this issue should not be included in
  CVE.

CVE-2012-5084 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Swing.

CVE-2012-5083 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to 2D.

CVE-2012-5081 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect
  availability, related to JSSE.

CVE-2012-5079 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect
  integrity via unknown vectors related to Libraries.

CVE-2012-5077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect
  confidentiality via unknown vectors related to Security.

CVE-2012-5076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability, related to JAX-WS.

CVE-2012-5075 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0
  Update 36 and earlier allows remote attackers to affect confidentiality,
  related to JMX.

CVE-2012-5074 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect
  confidentiality and integrity, related to JAX-WS.

CVE-2012-5073 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect
  integrity via unknown vectors related to Libraries.

CVE-2012-5072 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows
  remote attackers to affect confidentiality via unknown vectors related to
  Security.

CVE-2012-5071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0
  Update 36 and earlier allows remote attackers to affect confidentiality and
  integrity, related to JMX.

CVE-2012-5070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect
  confidentiality, related to JMX.

CVE-2012-5069 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0
  Update 36 and earlier allows remote attackers to affect confidentiality and
  integrity via unknown vectors related to Concurrency.

CVE-2012-5068 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Libraries.

CVE-2012-5067 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect
  confidentiality via unknown vectors related to Deployment.

CVE-2012-4416 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows
  remote attackers to affect confidentiality and integrity via unknown vectors
  related to Hotspot.

CVE-2012-3216 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect
  confidentiality via unknown vectors related to Libraries.

CVE-2012-3159 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Deployment.

CVE-2012-3143 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0
  Update 36 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability, related to JMX.

CVE-2012-1533 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Deployment.

CVE-2012-1532 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Deployment.

CVE-2012-1531 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update
  36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to 2D.
Comment 3 Agostino Sarubbo gentoo-dev 2012-10-21 11:00:00 UTC
amd64 stable
Comment 4 Andreas Schürch gentoo-dev 2012-10-23 05:09:12 UTC
x86 done, last arch!
Comment 5 Sean Amoss gentoo-dev Security 2012-10-23 19:22:31 UTC
Thanks, everyone.

On existing GLSA draft, ready for review.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-01-27 01:27:47 UTC
This issue was resolved and addressed in
 GLSA 201401-30 at http://security.gentoo.org/glsa/glsa-201401-30.xml
by GLSA coordinator Sean Amoss (ackle).