Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Oracle, Sun
(CentOS Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges and Remote and Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1038972
SecurityTracker URL:  http://securitytracker.com/id/1038972
CVE Reference:   CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10193, CVE-2017-10198
Date:  Jul 21 2017
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6 Update 151, 7 Update 141, 8 Update 131
Description:   Multiple vulnerabilities were reported in Oracle Java SE. A remote user can access and modify data on the target system. A remote or local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions on the target system.

A remote user can exploit a flaw in the AWT component to gain elevated privileges [CVE-2017-10110].

A remote user can exploit a flaw in the ImageIO component to gain elevated privileges [CVE-2017-10089].

A remote user can exploit a flaw in the JavaFX component to gain elevated privileges [CVE-2017-10086].

A remote user can exploit a flaw in the JAXP component to gain elevated privileges [CVE-2017-10096].

A remote user can exploit a flaw in the JAXP component to gain elevated privileges [CVE-2017-10101].

A remote user can exploit a flaw in the Libraries component to gain elevated privileges [CVE-2017-10087, CVE-2017-10090, CVE-2017-10111].

A remote user can exploit a flaw in the RMI component to gain elevated privileges [CVE-2017-10107, CVE-2017-10102].

A remote user can exploit a flaw in the JavaFX component to gain elevated privileges [CVE-2017-10114].

A remote user can exploit a flaw in the Hotspot component to gain elevated privileges [CVE-2017-10074].

A remote user can exploit a flaw in the Security component to gain elevated privileges [CVE-2017-10116].

A remote authenticated user can exploit a flaw in the Scripting component to access and modify data [CVE-2017-10078].

A remote user can exploit a flaw in the Security component to gain elevated privileges [CVE-2017-10067].

A remote user can exploit a flaw in the JCE component to access data [CVE-2017-10115, CVE-2017-10118].

A remote user can exploit a flaw in the Security component to access data [CVE-2017-10176].

A remote authenticated user can exploit a flaw in the Server component to partially access data, partially modify data, and partially deny service [CVE-2017-10104, CVE-2017-10145].

A local user can exploit a flaw in the Deployment component to gain elevated privileges [CVE-2017-10125].

A remote user can exploit a flaw in the Security component to access data [CVE-2017-10198].

A remote user can exploit a flaw in the JAX-WS component to partially access data and cause partial denial of service conditions [CVE-2017-10243].

A remote user can exploit a flaw in the Server component to partially access and partially modify data [CVE-2017-10121].

A remote user can exploit a flaw in the JCE component to access data [CVE-2017-10135].

A remote user can exploit a flaw in the Server component to partially access data [CVE-2017-10117].

A remote user can exploit a flaw in the 2D component to cause partial denial of service conditions [CVE-2017-10053].

A remote user can exploit a flaw in the Serialization component to cause partial denial of service conditions [CVE-2017-10108, CVE-2017-10109].

A remote user can exploit a flaw in the Deployment component to partially modify data [CVE-2017-10105].

A remote user can exploit a flaw in the Hotspot component to partially modify data [CVE-2017-10081].

A remote user can exploit a flaw in the Security component to partially access data [CVE-2017-10193].

Shannon Hickey of Adobe, Moritz Bechler, Gaston Traberg of Onapsis, Daniel Bleichenbacher of Google, Marcus Mengs, Ilya Maykov, and Antonio Sanso reported some of these vulnerabilities.

Impact:   A remote user can obtain data on the target system.

A remote user can modify data on the target system.

A remote user can cause denial of service conditions.

A local user can obtain elevated privileges on the target system.

A remote user can gain elevated privileges on the target system.

Solution:   CentOS has issued a fix for CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10193, and CVE-2017-10198.

Cause:   Not specified
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Jul 18 2017 Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges and Remote and Local Users Gain Elevated Privileges



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:1789 Critical CentOS 6 java-1.8.0-openjdk Security Update


CentOS Errata and Security Advisory 2017:1789 Critical

Upstream details at : https://access.redhat.com/errata/RHSA-2017:1789

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 



Copyright 2017, SecurityGlobal.net LLC