SecurityTracker.com

SecurityTracker Archives

Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Oracle, Sun
(CentOS Issues Fix) Oracle Java SE Multiple Flaws Let Local and Remote Users Gain Elevated Privileges, Access and Modify Data, and Deny Service
SecurityTracker Alert ID:  1034817
SecurityTracker URL:  http://securitytracker.com/id/1034817
CVE Reference:   CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
Date:  Jan 26 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Oracle Java SE. A remote user can access and modify data on the target system. A remote user can cause denial of service conditions on the target system. A remote user can gain elevated privileges.

A remote user can exploit a flaw in the Java SE and Java SE Embedded 2D components to gain elevated privileges [CVE-2016-0494].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, and JRockit AWT components to gain elevated privileges [CVE-2016-0483].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, and JRockit Libraries components to partially access and partially modify data [CVE-2016-0475].

A remote user can exploit a flaw in the Java SE and Java SE Embedded Networking components to partially modify data [CVE-2016-0402].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, and JRockit JAXP components to cause partial denial of service conditions [CVE-2016-0466].

A remote authenticated user can exploit a flaw in the Java SE and Java SE Embedded JMX components to partially access data [CVE-2016-0448].

The following researchers reported these and other Oracle product vulnerabilities:

Adam Willard of Raytheon Foreground Security; Alexey Tyurin of ERPScan; Andrea Micalizzi aka rgod (via HP's Zero Day Initiative); Anonymous (via HP's Zero Day Initiative); Brandon Vincent; Cybersecurity-upv; David Litchfield of Google;
Dmitry Janushkevich of Secunia Research; Fernando Russ of Onapsis; FortiGuard Labs of Fortinet, Inc.; Francois Goichon of Context Information Security; Igor Kopylenko of McAfee Database Security Research Team; Ivan Chalykin of ERPScan;
Jakub Palaczynski from ING Services Polska; Karthikeyan Bhargavan, Gaetan Leurent of INRIA; Lovi Yu of Salesforce.com; Luca Carettoni; Matias Mevied of Onapsis; Mike Arnold (Bruk0ut) (via HP's Zero Day Initiative); Nassim Bouali; Nicholas Lemonias of Advanced Information Security Corporation; Nikita Kelesis of ERPScan;
Peter Kostiuk of Salesforce.com; Ryan Giobbi of American Eagle Outfitters; Sergey Gorbaty of Salesforce.com; Shai Meir of McAfee Security Research; Spyridon Chatzimichail of COSMOTE - Mobile Telecommunications S.A.; Stefan Kanthak; Stephen Kost of Integrigy; Travis Emmert of Salesforce.com; and Will Dormann of CERT/CC.

Impact:   A remote user can obtain data on the target system.

A remote user can modify data on the target system.

A remote user can cause partial denial of service conditions.

A remote user can gain elevated privileges on the target system.

Solution:   CentOS has issued a fix for CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, and CVE-2016-0494 for java-1.6.0-openjdk.

i386:
a564cd9490be5ab97d050c1a1cee2090f315dc6e8993c3bb57fac0c732c6a3d3 java-1.6.0-openjdk-1.6.0.38-1.13.10.0.el5_11.i386.rpm
1e6e6102a88e6f8d1d99ba513f5d5bd27445c08ac35606126330dcb7eb309d8b java-1.6.0-openjdk-demo-1.6.0.38-1.13.10.0.el5_11.i386.rpm
5c5f8fed0f9e6ea7f009fa5db9f1d8517160a68470d5fa42d3b5964c730e1e12 java-1.6.0-openjdk-devel-1.6.0.38-1.13.10.0.el5_11.i386.rpm
e3a65df6870d94b0be2553dabb647892d44564fc25ce7f091a50e711fb1bb6a3 java-1.6.0-openjdk-javadoc-1.6.0.38-1.13.10.0.el5_11.i386.rpm
7596230198a5fc3d7149f94becde9cccccc1166f03b7d664500df33bae23ea67 java-1.6.0-openjdk-src-1.6.0.38-1.13.10.0.el5_11.i386.rpm

x86_64:
65e34e63b9a6d16a8019e1e7027d41438ae81722373d5847c94a0ee879a5478b java-1.6.0-openjdk-1.6.0.38-1.13.10.0.el5_11.x86_64.rpm
3018d3ea3b1a291928891409ac60be0120863848ded1f271cc2b6a332a45b102 java-1.6.0-openjdk-demo-1.6.0.38-1.13.10.0.el5_11.x86_64.rpm
276a82950dbe20324ce1322cf2cd781466b8a0b8a155b6d7f7f46a0bce2e76d9 java-1.6.0-openjdk-devel-1.6.0.38-1.13.10.0.el5_11.x86_64.rpm
dc3173332668d4a3a75894c73ed938cf558592d49cc3e18c86e03a92ad776ba8 java-1.6.0-openjdk-javadoc-1.6.0.38-1.13.10.0.el5_11.x86_64.rpm
e14622d70222762fad88e2f2238e6ae27c8f630e0ed29dbd78c19e0d2d0fb329 java-1.6.0-openjdk-src-1.6.0.38-1.13.10.0.el5_11.x86_64.rpm

Source:
67daf7f23cfdf1dc5aecdd9d6e1fdaedf77d3863445da21200f52628ec412953 java-1.6.0-openjdk-1.6.0.38-1.13.10.0.el5_11.src.rpm

i386:
8df06a899e26a7520bdeb3b4db31a8fe4c4686e10b2fefde977664de9c7fb658 java-1.6.0-openjdk-1.6.0.38-1.13.10.0.el6_7.i686.rpm
b645b00280c6b2df08eff4b3ea35f7c5dadffd5c261cfab385aaf9b1b9f37c39 java-1.6.0-openjdk-demo-1.6.0.38-1.13.10.0.el6_7.i686.rpm
1a3a289f87f54ac2e0b351171f969e10c18f2b7f9068b37ffb962ecf3e5f2480 java-1.6.0-openjdk-devel-1.6.0.38-1.13.10.0.el6_7.i686.rpm
bcae5c7e8520c7462c383d629d5e74047e2ce5991b7ac22f36ac035f0fc33000 java-1.6.0-openjdk-javadoc-1.6.0.38-1.13.10.0.el6_7.i686.rpm
30a96ce89d2188f1ee96309dfd9ba72f37c77d3d8cc924baf3dcd25ae786d5f7 java-1.6.0-openjdk-src-1.6.0.38-1.13.10.0.el6_7.i686.rpm

x86_64:
dc86666020c01029080793f7a80ee11ff7b8aa692ee3e5d27b36281d54f5e1a3 java-1.6.0-openjdk-1.6.0.38-1.13.10.0.el6_7.x86_64.rpm
8090ed5219f8f569c4fb0dc94242b0fcfe62415de1089b1a99ade591102ba088 java-1.6.0-openjdk-demo-1.6.0.38-1.13.10.0.el6_7.x86_64.rpm
7f3c15ee1836066bad87abca524b4af50cc449f51f7ef5a248f4f3db2b2d62af java-1.6.0-openjdk-devel-1.6.0.38-1.13.10.0.el6_7.x86_64.rpm
4ac324c5649d25af27d90af2b6310924c029ac7063f922a43e946969051cc92b java-1.6.0-openjdk-javadoc-1.6.0.38-1.13.10.0.el6_7.x86_64.rpm
0b05e4b8e47cf5c7e6d7daf23c9eb8ab620ac85840dbc6d4d50bf5c4a4aa9743 java-1.6.0-openjdk-src-1.6.0.38-1.13.10.0.el6_7.x86_64.rpm

Source:
5caca590014371e8066406ef364651473a52b86e7fc56f33acbef9d9b9aa2d80 java-1.6.0-openjdk-1.6.0.38-1.13.10.0.el6_7.src.rpm

x86_64:
6d2a9fcd8c0047fbf75850d6f87916da874d826cd045fd282624d4e2c9027e2a java-1.6.0-openjdk-1.6.0.38-1.13.10.0.el7_2.x86_64.rpm
fc340ba9fdf41498a57f1e855c5ef4d914b1bf02dda5c3532efecdb721fbb64b java-1.6.0-openjdk-demo-1.6.0.38-1.13.10.0.el7_2.x86_64.rpm
d20b7ecea5d222dd53a8795dd24ef962e6fea3e12169dabaa09408fb99c6f96f java-1.6.0-openjdk-devel-1.6.0.38-1.13.10.0.el7_2.x86_64.rpm
88daac1696331dc127050b86ead11f1e1311b630f2e8cb0105e09c54293b2a22 java-1.6.0-openjdk-javadoc-1.6.0.38-1.13.10.0.el7_2.x86_64.rpm
a2e0e4314c57c089bd5a0269b43dd4f90225f689c3cf31ade4445959c8d44c72 java-1.6.0-openjdk-src-1.6.0.38-1.13.10.0.el7_2.x86_64.rpm

Source:
93a4207025786c507681644aeb2d0b477bc7ff567c95a7275df008576d8a61dc java-1.6.0-openjdk-1.6.0.38-1.13.10.0.el7_2.src.rpm

Cause:   Not specified
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5, 6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Jan 19 2016 Oracle Java SE Multiple Flaws Let Local and Remote Users Gain Elevated Privileges, Access and Modify Data, and Deny Service


Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0067 Important CentOS 5 java-1.6.0-openjdk Security Update


CentOS Errata and Security Advisory 2016:0067 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0067.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
a564cd9490be5ab97d050c1a1cee2090f315dc6e8993c3bb57fac0c732c6a3d3  java-1.6.0-openjdk-1.6.0.38-1.13.10.0.el5_11.i386.rpm
1e6e6102a88e6f8d1d99ba513f5d5bd27445c08ac35606126330dcb7eb309d8b  java-1.6.0-openjdk-demo-1.6.0.38-1.13.10.0.el5_11.i386.rpm
5c5f8fed0f9e6ea7f009fa5db9f1d8517160a68470d5fa42d3b5964c730e1e12  java-1.6.0-openjdk-devel-1.6.0.38-1.13.10.0.el5_11.i386.rpm
e3a65df6870d94b0be2553dabb647892d44564fc25ce7f091a50e711fb1bb6a3  java-1.6.0-openjdk-javadoc-1.6.0.38-1.13.10.0.el5_11.i386.rpm
7596230198a5fc3d7149f94becde9cccccc1166f03b7d664500df33bae23ea67  java-1.6.0-openjdk-src-1.6.0.38-1.13.10.0.el5_11.i386.rpm

x86_64:
65e34e63b9a6d16a8019e1e7027d41438ae81722373d5847c94a0ee879a5478b  java-1.6.0-openjdk-1.6.0.38-1.13.10.0.el5_11.x86_64.rpm
3018d3ea3b1a291928891409ac60be0120863848ded1f271cc2b6a332a45b102  java-1.6.0-openjdk-demo-1.6.0.38-1.13.10.0.el5_11.x86_64.rpm
276a82950dbe20324ce1322cf2cd781466b8a0b8a155b6d7f7f46a0bce2e76d9  java-1.6.0-openjdk-devel-1.6.0.38-1.13.10.0.el5_11.x86_64.rpm
dc3173332668d4a3a75894c73ed938cf558592d49cc3e18c86e03a92ad776ba8  java-1.6.0-openjdk-javadoc-1.6.0.38-1.13.10.0.el5_11.x86_64.rpm
e14622d70222762fad88e2f2238e6ae27c8f630e0ed29dbd78c19e0d2d0fb329  java-1.6.0-openjdk-src-1.6.0.38-1.13.10.0.el5_11.x86_64.rpm

Source:
67daf7f23cfdf1dc5aecdd9d6e1fdaedf77d3863445da21200f52628ec412953  java-1.6.0-openjdk-1.6.0.38-1.13.10.0.el5_11.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
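The CentOS announcement above publishes each package as a `sha256sum Filename` pair and states that the files are still syncing to the mirrors. The following Python example is added here and is not code from CentOS, Red Hat or SecurityTracker: it parses that list format (the 64-hex-digit digest, whitespace, file name; arch headers such as `i386:` and blank lines are skipped) and checks a directory of downloaded RPMs against it, reporting `ok`, `MISMATCH` or `MISSING` for every listed file. The `CESA_2016_0067_EL5_I386` constant copies the el5_11 i386 and source entries from the message; the files written by `demo()` and the names `pkg-good.rpm`, `pkg-tampered.rpm` and `pkg-absent.rpm` are constructed for the demonstration. A mismatch most often means a partially synced or corrupted mirror copy, and the file should be re-fetched rather than installed; the digest list only ties the download to the announcement, so `rpm -K` on the package (the GPG signature check) remains the authoritative verification.

```python
"""Check downloaded RPMs against a CentOS-announce "sha256sum Filename" list.

Added example; not CentOS, Red Hat or SecurityTracker code.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Entries copied from the CESA-2016:0067 message (el5_11 i386 packages and
# the source RPM). The "i386:" / "Source:" headers are part of the format.
CESA_2016_0067_EL5_I386 = """\
i386:
a564cd9490be5ab97d050c1a1cee2090f315dc6e8993c3bb57fac0c732c6a3d3  java-1.6.0-openjdk-1.6.0.38-1.13.10.0.el5_11.i386.rpm
1e6e6102a88e6f8d1d99ba513f5d5bd27445c08ac35606126330dcb7eb309d8b  java-1.6.0-openjdk-demo-1.6.0.38-1.13.10.0.el5_11.i386.rpm
5c5f8fed0f9e6ea7f009fa5db9f1d8517160a68470d5fa42d3b5964c730e1e12  java-1.6.0-openjdk-devel-1.6.0.38-1.13.10.0.el5_11.i386.rpm
e3a65df6870d94b0be2553dabb647892d44564fc25ce7f091a50e711fb1bb6a3  java-1.6.0-openjdk-javadoc-1.6.0.38-1.13.10.0.el5_11.i386.rpm
7596230198a5fc3d7149f94becde9cccccc1166f03b7d664500df33bae23ea67  java-1.6.0-openjdk-src-1.6.0.38-1.13.10.0.el5_11.i386.rpm

Source:
67daf7f23cfdf1dc5aecdd9d6e1fdaedf77d3863445da21200f52628ec412953  java-1.6.0-openjdk-1.6.0.38-1.13.10.0.el5_11.src.rpm
"""

# One manifest line: 64 hex digits, whitespace, optional "*" (binary-mode
# marker some sha256sum builds emit), then the file name.
_LINE = re.compile(r"^\s*([0-9a-fA-F]{64})\s+\*?(\S+)\s*$")


def parse_manifest(text):
    """Return {filename: lowercase_hex_digest}; non-matching lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            entries[m.group(2)] = m.group(1).lower()
    return entries


def sha256_of(path, chunk=1 << 20):
    """Stream the file through SHA-256 so large RPMs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_directory(manifest_text, directory):
    """Return {filename: "ok" | "MISMATCH" | "MISSING"} for every manifest entry."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "MISSING"
        elif sha256_of(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


def demo():
    """Constructed scenario: one intact file, one altered file, one absent file."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d) / "pkg-good.rpm"
        good.write_bytes(b"constructed rpm payload, not a real package")
        tampered = Path(d) / "pkg-tampered.rpm"
        tampered.write_bytes(b"constructed payload altered after publication")
        manifest = "\n".join([
            "x86_64:",
            f"{sha256_of(good)}  pkg-good.rpm",
            # digest of the content that was *published*, which no longer
            # matches what is on disk
            f"{hashlib.sha256(b'constructed original payload').hexdigest()}  pkg-tampered.rpm",
            f"{'0' * 64}  pkg-absent.rpm",  # listed but never downloaded
        ])
        return verify_directory(manifest, d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8s} {name}")
    print(f"{len(parse_manifest(CESA_2016_0067_EL5_I386))} entries parsed from CESA-2016:0067")
```

To use it against a real download directory, call `verify_directory(CESA_2016_0067_EL5_I386, "/path/to/downloads")` after fetching the packages; any result other than `ok` means the file should not be installed until it has been re-downloaded and re-checked.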

Copyright 2021, SecurityGlobal.net LLC