SecurityTracker.com
Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Oracle, Sun
(CentOS Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges
SecurityTracker Alert ID:  1039635
SecurityTracker URL:  http://securitytracker.com/id/1039635
CVE Reference:   CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
Date:  Oct 20 2017
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6u161, 7u151, 8u144
Description:   Multiple vulnerabilities were reported in Oracle Java SE. A remote user can access and modify data on the target system. A remote user can cause denial of service conditions on the target system. A remote user can gain elevated privileges.

A remote user can exploit a flaw in the Hotspot component to gain elevated privileges [CVE-2017-10346].

A remote user can exploit a flaw in the RMI component to gain elevated privileges [CVE-2017-10285].

A remote user can exploit a flaw in the Libraries component to gain elevated privileges [CVE-2017-10388].

A remote user can exploit a flaw in the Deployment component to partially access data, partially modify data, and partially deny service [CVE-2017-10309].

A remote user can exploit a flaw in the Smart Card IO component to access and modify data [CVE-2017-10274].

A local user can exploit a flaw in the Security component to access data [CVE-2017-10356].

A remote user can exploit a flaw in the Javadoc component to partially access and partially modify data [CVE-2017-10293].

A remote user can exploit a flaw in the Server component to cause partial denial of service conditions [CVE-2017-10342].

A remote user can exploit a flaw in the JAX-WS component to cause partial denial of service conditions [CVE-2017-10350].

A remote user can exploit a flaw in the JAXP component to cause partial denial of service conditions [CVE-2017-10349].

A remote user can exploit a flaw in the Libraries component to cause partial denial of service conditions [CVE-2017-10348].

A remote user can exploit a flaw in the Serialization component to cause partial denial of service conditions [CVE-2017-10357].

A remote user can exploit a flaw in the Util (zlib) component to partially modify data [CVE-2016-9841].

A remote user can exploit a flaw in the 2D (Little CMS 2) component to partially access data [CVE-2016-10165].

A remote user can exploit a flaw in the Networking component to cause partial denial of service conditions [CVE-2017-10355].

A remote user can exploit a flaw in the Serialization component to cause partial denial of service conditions [CVE-2017-10281, CVE-2017-10347].

A remote authenticated user can exploit a flaw in the Server component to partially access and partially modify data [CVE-2017-10386].

A remote user can exploit a flaw in the Server component to partially access and partially modify data [CVE-2017-10380].

A remote user can exploit a flaw in the Networking component to partially modify data [CVE-2017-10295].

A remote user can exploit a flaw in the Server component to partially modify data [CVE-2017-10341].

A remote user can exploit a flaw in the Serialization component to cause partial denial of service conditions [CVE-2017-10345].

An Anonymous researcher (via Beyond Security's SecuriTeam Secure Disclosure Program), Daniel Frojdendahl, Francesco Palmarini of Ca Foscari University of Venice, Gaston Traberg of Onapsis, Jeffrey Altman of Secure Endpoints Inc.,
Marco Squarcina of Ca Foscari University of Venice, Mauro Tempesta of Ca Foscari University of Venice, Orange Tsai, Riccardo Focardi of Ca Foscari University of Venice, Steven Seeley of Source Incite, Tamas Szakaly, and Tobias Ospelt of modzero reported these vulnerabilities.

Impact:   A remote user can obtain data on the target system.

A remote user can modify data on the target system.

A remote user can cause denial of service conditions.

A remote user can gain elevated privileges on the target system.

Solution:   CentOS has issued a fix for CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, and CVE-2017-10388.

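Whether a CentOS 6 host actually carries this fix is decided by the installed package's epoch:version-release, not by the "Fix Available" flag. The example below is added here (it is not code from SecurityTracker or CentOS): it orders RPM version strings the way rpm's rpmvercmp does and compares an installed EVR against the fix-level version-release taken from the advisory's package names, 1.8.0.151-1.b12.el6_9. It assumes the installed EVR is read with `rpm -q`, leaves out the package epoch because the page does not state it, and the pre-fix sample values used in the tests are constructed.

```python
import re

# Added example, not from SecurityTracker or CentOS: compare RPM EVR strings the
# way rpm's rpmvercmp orders them (tilde/caret rules omitted) to decide whether
# an installed java-1.8.0-openjdk is at or above the CESA-2017:2998 fix level.
# The version-release below is taken from the advisory's package names; the
# epoch is not stated on the page, so it defaults to 0 on both sides here.
FIXED_EVR = "1.8.0.151-1.b12.el6_9"
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 for a < b, a == b, a > b in rpm version ordering."""
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")   # drop leading zeros
            if len(x) != len(y):                   # longer number is larger
                return 1 if len(x) > len(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1        # numeric outranks alpha
        if x != y:
            return 1 if x > y else -1
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1    # leftover segments win

def parse_evr(evr: str):
    """Split 'epoch:version-release'; epoch optional, '(none)' means 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    if epoch == "(none)":
        epoch = "0"
    version, _, release = rest.partition("-")
    return epoch, version, release

def evr_cmp(a: str, b: str) -> int:
    for x, y in zip(parse_evr(a), parse_evr(b)):
        result = rpmvercmp(x, y)
        if result:
            return result
    return 0

def is_patched(installed_evr: str, fixed_evr: str = FIXED_EVR) -> bool:
    """installed_evr is what
    rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}' java-1.8.0-openjdk prints."""
    return evr_cmp(installed_evr, fixed_evr) >= 0
```

If the installed package carries a non-zero epoch, pass the fix level with the same epoch, since the epoch dominates the comparison.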

Cause:   Not specified
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Oct 17 2017 Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:2998 Critical CentOS 6 java-1.8.0-openjdk Security Update


CentOS Errata and Security Advisory 2017:2998 Critical

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2998

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Copyright 2021, SecurityGlobal.net LLC