Mandriva Linux Security Advisory 2013-095 - Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Various other issues were also addressed.
45b414ad1d7bafe7ea541cbe9a5e727f7af41ca7e2b60153b3a757f05bea9ebe-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:095
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : java-1.7.0-openjdk
Date : April 10, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated java-1.7.0-openjdk packages fix security vulnerabilities:
Two improper permission check issues were discovered in the reflection
API in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions (CVE-2012-3174,
CVE-2013-0422).
Multiple improper permission check issues were discovered in the AWT,
CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted
Java application or applet could use these flaws to bypass Java
sandbox restrictions (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,
CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,
CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0444).
Multiple flaws were found in the way image parsers in the 2D and AWT
components handled image raster parameters. A specially-crafted image
could cause Java Virtual Machine memory corruption and, possibly,
lead to arbitrary code execution with the virtual machine privileges
(CVE-2013-1478, CVE-2013-1480).
A flaw was found in the AWT component's clipboard handling code. An
untrusted Java application or applet could use this flaw to access
clipboard data, bypassing Java sandbox restrictions (CVE-2013-0432).
The default Java security properties configuration did not restrict
access to certain com.sun.xml.internal packages. An untrusted Java
application or applet could use this flaw to access information,
bypassing certain Java sandbox restrictions. This update lists the
whole package as restricted (CVE-2013-0435).
Multiple improper permission check issues were discovered in the
JMX, Libraries, Networking, and JAXP components. An untrusted Java
application or applet could use these flaws to bypass certain Java
sandbox restrictions (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433,
CVE-2013-0434).
It was discovered that the RMI component's CGIHandler class used
user inputs in error messages without any sanitization. An attacker
could use this flaw to perform a cross-site scripting (XSS) attack
(CVE-2013-0424).
It was discovered that the SSL/TLS implementation in the JSSE component
did not properly enforce handshake message ordering, allowing an
unlimited number of handshake restarts. A remote attacker could use
this flaw to make an SSL/TLS server using JSSE consume an excessive
amount of CPU by continuously restarting the handshake (CVE-2013-0440).
It was discovered that the JSSE component did not properly validate
Diffie-Hellman public keys. An SSL/TLS client could possibly use this
flaw to perform a small subgroup attack (CVE-2013-0443).
Multiple improper permission check issues were discovered in the JMX
and Libraries components in OpenJDK. An untrusted Java application
or applet could use these flaws to bypass Java sandbox restrictions
(CVE-2013-1486, CVE-2013-1484).
An improper permission check issue was discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
this flaw to bypass certain Java sandbox restrictions (CVE-2013-1485).
It was discovered that OpenJDK leaked timing information when
decrypting TLS/SSL protocol encrypted records when CBC-mode cipher
suites were used. A remote attacker could possibly use this flaw to
retrieve plain text from the encrypted packets by using a TLS/SSL
server as a padding oracle (CVE-2013-0169).
An integer overflow flaw was found in the way the 2D component
handled certain sample model instances. A specially-crafted sample
model instance could cause Java Virtual Machine memory corruption
and, possibly, lead to arbitrary code execution with virtual machine
privileges (CVE-2013-0809).
It was discovered that the 2D component did not properly reject certain
malformed images. Specially-crafted raster parameters could cause Java
Virtual Machine memory corruption and, possibly, lead to arbitrary
code execution with virtual machine privileges (CVE-2013-1493).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0088
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
b951d387ee818e0b204cb1a239ac2ae1 mbs1/x86_64/java-1.7.0-openjdk-1.7.0.6-2.3.8.1.1.mbs1.x86_64.rpm
00676ff0eefe12d69e0b93ee4f9ac8c4 mbs1/x86_64/java-1.7.0-openjdk-demo-1.7.0.6-2.3.8.1.1.mbs1.x86_64.rpm
3733ddb46d4ba9fe639d90271c1113c3 mbs1/x86_64/java-1.7.0-openjdk-devel-1.7.0.6-2.3.8.1.1.mbs1.x86_64.rpm
1d47fd14d7fe3a20d81c5cf808e75fe6 mbs1/x86_64/java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.8.1.1.mbs1.noarch.rpm
baab88a94f04c3c3f0fc322fe2562c9b mbs1/x86_64/java-1.7.0-openjdk-src-1.7.0.6-2.3.8.1.1.mbs1.x86_64.rpm
d019dda16506ffb609ae8ce66a7cda7c mbs1/SRPMS/java-1.7.0-openjdk-1.7.0.6-2.3.8.1.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRZQ6mmqjQ0CJFipgRArrgAKCPZMbOA1UtXaG4tQd9CKEggT1x/gCfYfXv
8XJUrvALufbbaHuyChk9zik=
=TGuI
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed