what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2012-150

Mandriva Linux Security Advisory 2012-150
Posted Sep 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-150 - Multiple security issues were identified and fixed in OpenJDK (icedtea6). Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited. Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. The updated packages provides icedtea6-1.11.4 which is not vulnerable to these issues.

tags | advisory, java, remote, vulnerability
systems | linux, mandriva
advisories | CVE-2012-0547, CVE-2012-1682
SHA-256 | 4bfa17b7098f6e2c6b7678f9506d7fa5de8ab39ee5ca722cdb0ec0a9af2dd5e2

Mandriva Linux Security Advisory 2012-150

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:150
http://www.mandriva.com/security/
_______________________________________________________________________

Package : java-1.6.0-openjdk
Date : September 10, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple security issues were identified and fixed in OpenJDK
(icedtea6):

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34
and earlier, has no impact and remote attack vectors involving AWT
and a security-in-depth issue that is not directly exploitable but
which can be used to aggravate security vulnerabilities that can be
directly exploited. NOTE: this identifier was assigned by the Oracle
CNA, but CVE is not intended to cover defense-in-depth issues that are
only exposed by the presence of other vulnerabilities (CVE-2012-0547).

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 6 and earlier allows remote
attackers to affect confidentiality, integrity, and availability
via unknown vectors related to Beans, a different vulnerability than
CVE-2012-3136 (CVE-2012-1682).

The updated packages provides icedtea6-1.11.4 which is not vulnerable
to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1682
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
286dbb39a335671d71463907eb367c30 mes5/i586/java-1.6.0-openjdk-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm
e5f5fc7abaf8c9cfd7bb6497c0bdce82 mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm
088aa2775b4e66dede9492d4cd51f8ec mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm
b628e97ddf02083759cc434019eafc99 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm
05fbc9d227be560f44c4c7dab844f5d9 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm
99a8a99f80ae162704ad4bdb5cee3f03 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-34.b24.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
35672929025893cc919f96f6a3f5a64d mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm
aba364efac24a36a18701730a431316f mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm
2ab69f1c6eb159fae58ef41b0c6db727 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm
4c9dd84ed0e30d56032bf43aca6625bd mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm
96172e0de881538984e6e1086d383030 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm
99a8a99f80ae162704ad4bdb5cee3f03 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-34.b24.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQTc2ymqjQ0CJFipgRAtdPAJ4okhZyCQ9BTpmAn4JPjXoPrVw9pACg4YXC
RMZdy7VbZqL5+9SfkTIRYzg=
=xDgA
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close