
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2012:0322
The remote host is missing updates announced in
advisory RHSA-2012:0322.

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

It was discovered that Java2D did not properly check graphics rendering
objects before passing them to the native renderer. Malicious input, or an
untrusted Java application or applet could use this flaw to crash the Java
Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)

It was discovered that the exception thrown on deserialization failure did
not always contain a proper identification of the cause of the failure. An
untrusted Java application or applet could use this flaw to bypass Java
sandbox restrictions. (CVE-2012-0505)

The AtomicReferenceArray class implementation did not properly check if
the array was of the expected Object[] type. A malicious Java application
or applet could use this flaw to bypass Java sandbox restrictions.

It was discovered that the use of TimeZone.setDefault() was not restricted
by the SecurityManager, allowing an untrusted Java application or applet to
set a new default time zone, and hence bypass Java sandbox restrictions.

The HttpServer class did not limit the number of headers read from HTTP
requests. A remote attacker could use this flaw to make an application
using HttpServer use an excessive amount of CPU time via a
specially-crafted request. This update introduces a header count limit
controlled using the property. The default
value is 200. (CVE-2011-5035)

The Java Sound component did not properly check buffer boundaries.
Malicious input, or an untrusted Java application or applet could use this
flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion
of its memory. (CVE-2011-3563)

A flaw was found in the AWT KeyboardFocusManager that could allow an
untrusted Java application or applet to acquire keyboard focus and possibly
steal sensitive information. (CVE-2012-0502)

It was discovered that the CORBA (Common Object Request Broker
Architecture) implementation in Java did not properly protect repository
identifiers on certain CORBA objects. This could have been used to modify
immutable object data. (CVE-2012-0506)

An off-by-one flaw, causing a stack overflow, was found in the unpacker for
ZIP files. A specially-crafted ZIP archive could cause the Java Virtual
Machine (JVM) to crash when opened. (CVE-2012-0501)

This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3563
BugTraq ID: 52012
Debian Security Information: DSA-2420
HPdes Security Advisory: HPSBMU02797
HPdes Security Advisory: HPSBMU02799
HPdes Security Advisory: HPSBUX02757
HPdes Security Advisory: HPSBUX02760
HPdes Security Advisory: HPSBUX02777
HPdes Security Advisory: HPSBUX02784
HPdes Security Advisory: SSRT100779
HPdes Security Advisory: SSRT100805
HPdes Security Advisory: SSRT100854
HPdes Security Advisory: SSRT100867
HPdes Security Advisory: SSRT100871
RedHat Security Advisories: RHSA-2012:0508
RedHat Security Advisories: RHSA-2012:0514
RedHat Security Advisories: RHSA-2012:0702
RedHat Security Advisories: RHSA-2012:1080
RedHat Security Advisories: RHSA-2013:1455
SuSE Security Announcement: SUSE-SU-2012:0602
SuSE Security Announcement: SUSE-SU-2012:0603
SuSE Security Announcement: SUSE-SU-2012:0734
SuSE Security Announcement: SUSE-SU-2012:0881
SuSE Security Announcement: SUSE-SU-2012:1013
Common Vulnerability Exposure (CVE) ID: CVE-2011-3571
SuSE Security Announcement: openSUSE-SU-2012:1323
Common Vulnerability Exposure (CVE) ID: CVE-2011-5035
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
CERT/CC vulnerability note: VU#903934
HPdes Security Advisory: HPSBST02955
Common Vulnerability Exposure (CVE) ID: CVE-2012-0497
BugTraq ID: 52009
Common Vulnerability Exposure (CVE) ID: CVE-2012-0501
BugTraq ID: 52013
Common Vulnerability Exposure (CVE) ID: CVE-2012-0502
BugTraq ID: 52011
Common Vulnerability Exposure (CVE) ID: CVE-2012-0503
BugTraq ID: 52018
Common Vulnerability Exposure (CVE) ID: CVE-2012-0505
BugTraq ID: 52017
Common Vulnerability Exposure (CVE) ID: CVE-2012-0506
BugTraq ID: 52014
Copyright (c) 2012 E-Soft Inc.

© 1998-2021 E-Soft Inc. All rights reserved.