SecurityTracker.com
Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Oracle, Sun
(CentOS Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges
SecurityTracker Alert ID:  1039640
SecurityTracker URL:  http://securitytracker.com/id/1039640
CVE Reference:   CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388   (Links to External Site)
Date:  Oct 23 2017
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6u161, 7u151, 8u144
Description:   Multiple vulnerabilities were reported in Oracle Java SE. A remote user can access and modify data on the target system. A remote user can cause denial of service conditions on the target system. A remote user can gain elevated privileges.

A remote user can exploit a flaw in the Hotspot component to gain elevated privileges [CVE-2017-10346].

A remote user can exploit a flaw in the RMI component to gain elevated privileges [CVE-2017-10285].

A remote user can exploit a flaw in the Libraries component to gain elevated privileges [CVE-2017-10388].

A remote user can exploit a flaw in the Deployment component to partially access data, partially modify data, and partially deny service [CVE-2017-10309].

A remote user can exploit a flaw in the Smart Card IO component to access and modify data [CVE-2017-10274].

A local user can exploit a flaw in the Security component to access data [CVE-2017-10356].

A remote user can exploit a flaw in the Javadoc component to partially access and partially modify data [CVE-2017-10293].

A remote user can exploit a flaw in the Server component to cause partial denial of service conditions [CVE-2017-10342].

A remote user can exploit a flaw in the JAX-WS component to cause partial denial of service conditions [CVE-2017-10350].

A remote user can exploit a flaw in the JAXP component to cause partial denial of service conditions [CVE-2017-10349].

A remote user can exploit a flaw in the Libraries component to cause partial denial of service conditions [CVE-2017-10348].

A remote user can exploit a flaw in the Serialization component to cause partial denial of service conditions [CVE-2017-10357].

A remote user can exploit a flaw in the Util (zlib) component to partially modify data [CVE-2016-9841].

A remote user can exploit a flaw in the 2D (Little CMS 2) component to partially access data [CVE-2016-10165].

A remote user can exploit a flaw in the Networking component to cause partial denial of service conditions [CVE-2017-10355].

A remote user can exploit a flaw in the Serialization component to cause partial denial of service conditions [CVE-2017-10281, CVE-2017-10347].

A remote authenticated user can exploit a flaw in the Server component to partially access and partially modify data [CVE-2017-10386].

A remote user can exploit a flaw in the Server component to partially access and partially modify data [CVE-2017-10380].

A remote user can exploit a flaw in the Networking component to partially modify data [CVE-2017-10295].

A remote user can exploit a flaw in the Server component to partially modify data [CVE-2017-10341].

A remote user can exploit a flaw in the Serialization component to cause partial denial of service conditions [CVE-2017-10345].

An anonymous researcher (via Beyond Security's SecuriTeam Secure Disclosure Program), Daniel Frojdendahl, Francesco Palmarini of Ca Foscari University of Venice, Gaston Traberg of Onapsis, Jeffrey Altman of Secure Endpoints Inc., Marco Squarcina of Ca Foscari University of Venice, Mauro Tempesta of Ca Foscari University of Venice, Orange Tsai, Riccardo Focardi of Ca Foscari University of Venice, Steven Seeley of Source Incite, Tamas Szakaly, and Tobias Ospelt of modzero reported these vulnerabilities.

Impact:   A remote user can obtain data on the target system.

A remote user can modify data on the target system.

A remote user can cause denial of service conditions.

A remote user can gain elevated privileges on the target system.

Solution:   CentOS has issued a fix for CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, and CVE-2017-10388.


Cause:   Not specified
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Oct 17 2017 Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:2998 Critical CentOS 7 java-1.8.0-openjdk Security Update


CentOS Errata and Security Advisory 2017:2998 Critical

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2998

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

Source:
9f7c34a720f32ea1b1ae28b8c11110c20e540a3a990fc94a9f8795eb032bb6f6  java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
