Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
(Red Hat Issues Fix) Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1025616 |
|
SecurityTracker URL: http://securitytracker.com/id/1025616
|
|
CVE Reference:
CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871
(Links to External Site)
|
Date: Jun 8 2011
|
Impact:
Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): JDK and JRE 6 Update 25 and prior; JDK and JRE 5.0 Update 29 and prior; SDK and JRE 1.4.2_31 and prior
|
Description:
Multiple vulnerabilities were reported in Java Runtime Environment (JRE). A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted Java applet or Java Web Start application that, when loaded by the target user, will access or modify data on the target user's system or execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
The 2D [CVE-2011-0862, CVE-2011-0868, CVE-2011-0873], AWT [CVE-2011-0815], Deployment [CVE-2011-0786, CVE-2011-0788, CVE-2011-0817, CVE-2011-0863], HotSpot [CVE-2011-0864], Sound [CVE-2011-0802, CVE-2011-0814], Swing [CVE-2011-0871], JRE [CVE-2011-0866], Networking [CVE-2011-0867], SAAJ [CVE-2011-0869], and Deserialization [CVE-2011-0865] components are affected.
A remote user can supply specially crafted data to an API to cause partial denial of service conditions. The NIO component is affected [CVE-2011-0872].
An Anonymous Reporter of TippingPoint's Zero Day Initiative; binaryproof via iDefense; binaryproof via Tipping Point; Chris Ries via Tipping Point; Hisashi Kojima of Fujitsu Laboratories via JPCERT/CC; iDefense; Marc Schoenefeld of Red Hat; Peter Vreugdenhil of TippingPoint DVLabs; and Stephen Fewer of Harmony Security via Tippingpoint reported these vulnerabilities.
|
Impact:
A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or execute arbitrary code on the target user's system.
A remote user can cause partial denial of service conditions on the target system.
|
Solution:
Red Hat has issued a fix for java-1.6.0-openjdk for CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, and CVE-2011-0871.
The Red Hat advisory is available at:
https://rhn.redhat.com/errata/RHSA-2011-0856.html
|
Vendor URL: www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
Linux (Red Hat Enterprise)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 8 Jun 2011 15:34:06 +0000
Subject: [RHSA-2011:0856-01] Critical: java-1.6.0-openjdk security update
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-openjdk security update
Advisory ID: RHSA-2011:0856-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0856.html
Issue date: 2011-06-08
CVE Names: CVE-2011-0862 CVE-2011-0864 CVE-2011-0865
CVE-2011-0867 CVE-2011-0868 CVE-2011-0869
CVE-2011-0871
=====================================================================
1. Summary:
Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.
Integer overflow flaws were found in the way Java2D parsed JPEG images and
user-supplied fonts. An attacker could use these flaws to execute arbitrary
code with the privileges of the user running an untrusted applet or
application. (CVE-2011-0862)
It was found that the MediaTracker implementation created Component
instances with unnecessary access privileges. A remote attacker could use
this flaw to elevate their privileges by utilizing an untrusted applet or
application that uses Swing. (CVE-2011-0871)
A flaw was found in the HotSpot component in OpenJDK. Certain bytecode
instructions confused the memory management within the Java Virtual Machine
(JVM), resulting in an applet or application crashing. (CVE-2011-0864)
An information leak flaw was found in the NetworkInterface class. An
untrusted applet or application could use this flaw to access information
about available network interfaces that should only be available to
privileged code. (CVE-2011-0867)
An incorrect float-to-long conversion, leading to an overflow, was found
in the way certain objects (such as images and text) were transformed in
Java2D. A remote attacker could use this flaw to crash an untrusted applet
or application that uses Java2D. (CVE-2011-0868)
It was found that untrusted applets and applications could misuse a SOAP
connection to incorrectly set global HTTP proxy settings instead of
setting them in a local scope. This flaw could be used to intercept HTTP
requests. (CVE-2011-0869)
A flaw was found in the way signed objects were deserialized. If trusted
and untrusted code were running in the same Java Virtual Machine (JVM), and
both were deserializing the same signed object, the untrusted code could
modify said object by using this flaw to bypass the validation checks on
signed objects. (CVE-2011-0865)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)
706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
706234 - CVE-2011-0869 OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971)
706241 - CVE-2011-0868 OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495)
706245 - CVE-2011-0864 OpenJDK: JVM memory corruption via certain bytecode (HotSpot, 7020373)
706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm
i386:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm
i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm
x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm
i386:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm
i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm
i386:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm
i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-0862.html
https://www.redhat.com/security/data/cve/CVE-2011-0864.html
https://www.redhat.com/security/data/cve/CVE-2011-0865.html
https://www.redhat.com/security/data/cve/CVE-2011-0867.html
https://www.redhat.com/security/data/cve/CVE-2011-0868.html
https://www.redhat.com/security/data/cve/CVE-2011-0869.html
https://www.redhat.com/security/data/cve/CVE-2011-0871.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFN75YqXlSAg2UNWIIRAlBKAKClCyX90oW4eltdVV/vajlMlYbQgwCdGN2d
yrHvlWpvxN7otj1+DuhxohQ=
=bLPt
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
|
|
Go to the Top of This SecurityTracker Archive Page
|
