Gentoo Linux Security Advisory 201401-30 - Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Versions less than or equal to 1.6.0.45 are affected.
72f2aefba431a697c1d570fbb434eb79207fb4a72606cbe6c7ddb60e387613d9Red Hat Security Advisory 2013-1456-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.
5f2a4d8e195f018a24a54b255421a802c2fe7798ae208c88ddb47eb51cc14a7cZero Day Initiative Advisory 12-197 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the java.beans.Expression class. Due to unsafe handling of reflection of privileged classes inside the Expression class it is possible for untrusted code to gain access to privileged methods and properties. This can result in remote code execution under the context of the current process.
ab077c5911707f711c03cad8779312d19da18745a195309341ce3f0c4369034aRed Hat Security Advisory 2012-1466-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
dcb8bd737ba4072478a3c303c96ea0d3e9b576cc91571851ac14024df73257dfHP Security Bulletin HPSBUX02824 SSRT100970 2 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX.These vulnerabilities could allow remote execution of arbitrary code and other vulnerabilities. Revision 2 of this advisory.
2ec3aa87e1b79d4f333300ca6e1febbfc596b53a6b7d55d6348707edcd684d92HP Security Bulletin HPSBUX02824 SSRT100970 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code and other vulnerabilities. Revision 1 of this advisory.
78f272422d048e4e353a3f120e9e9677eea2dbf0861182ca760963e7f7893d0eMandriva Linux Security Advisory 2012-150 - Multiple security issues were identified and fixed in OpenJDK (icedtea6). Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited. The updated packages provides icedtea6-1.11.4 which is not vulnerable to these issues.
7933914a5bd0818fcc659f45b174483e1b7b9524862e2697b1d2a54a18803dadRed Hat Security Advisory 2012-1289-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
657644f7487d43a6a320e6729072c650693e5a423f6a77714f52c2375cbe2a88Mandriva Linux Security Advisory 2012-150 - Multiple security issues were identified and fixed in OpenJDK (icedtea6). Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited. Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. The updated packages provides icedtea6-1.11.4 which is not vulnerable to these issues.
4bfa17b7098f6e2c6b7678f9506d7fa5de8ab39ee5ca722cdb0ec0a9af2dd5e2Red Hat Security Advisory 2012-1225-01 - The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. This update fixes several vulnerabilities in the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. Red Hat is aware that a public exploit for CVE-2012-4681 is available that executes code without user interaction when a user visits a malicious web page using a browser with the Oracle Java 7 web browser plug-in enabled.
0a6cdd665ac16a0cd7ac167fb287cd0b6adf83eb85e9db6ab51abe1210ec6c5bUbuntu Security Notice 1553-1 - It was discovered that the Beans component in OpenJDK 6 did not properly prevent access to restricted classes. A remote attacker could use this to create an untrusted Java applet or application that would bypass Java sandbox restrictions. It was discovered that functionality in the AWT component in OpenJDK 6 made it easier for a remote attacker, in conjunction with other vulnerabilities, to bypass Java sandbox restrictions. Various other issues were also addressed.
464e625fa0601dea6a9568c0973bd4e8489de6aa3a09706951020fecc7e37c25Red Hat Security Advisory 2012-1223-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.
c8a2a55ff75a56524dfeed778f8b5ae4ae2fea089a71f0458d5bc4dbdb0b96dbRed Hat Security Advisory 2012-1221-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.
fe0f3ffa9b26f62921d7bf043c0a586cb389be536f87f4d9902a2e26b8f97188Red Hat Security Advisory 2012-1222-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.
ffee95315f921c71eb41404d34da3764a54d9f7b6f7661052c87a0d36aa0e946
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed