
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2012:1386
The remote host is missing updates announced in
advisory RHSA-2012:1386.

These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple improper permission check issues were discovered in the Beans,
Libraries, Swing, and JMX components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,

The default Java security properties configuration did not restrict access
to certain packages. An untrusted Java application
or applet could use these flaws to bypass Java sandbox restrictions. This
update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074)

Multiple improper permission check issues were discovered in the Scripting,
JMX, Concurrency, Libraries, and Security components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,
CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)

It was discovered that java.util.ServiceLoader could create an instance of
an incompatible class while performing provider lookup. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2012-5079)

It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS
implementation did not properly handle handshake records containing an
overly large data length value. An unauthenticated, remote attacker could
possibly use this flaw to cause an SSL/TLS server to terminate with an
exception. (CVE-2012-5081)

It was discovered that the JMX component in OpenJDK could perform certain
actions in an insecure manner. An untrusted Java application or applet
could possibly use these flaws to disclose sensitive information.
(CVE-2012-5070, CVE-2012-5075)

A bug in the Java HotSpot Virtual Machine optimization code could cause it
to not perform array initialization in certain cases. An untrusted Java
application or applet could use this flaw to disclose portions of the
virtual machine's memory. (CVE-2012-4416)

It was discovered that the SecureRandom class did not properly protect
against the creation of multiple seeders. An untrusted Java application or
applet could possibly use this flaw to disclose sensitive information.

It was discovered that the class exposed the hash
code of the canonicalized path name. An untrusted Java application or
applet could possibly use this flaw to determine certain system paths, such
as the current working directory. (CVE-2012-3216)

This update disables Gopher protocol support in the package by
default. Gopher support can be enabled by setting the newly introduced
property,, to true. (CVE-2012-5085)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.3. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-3216
BugTraq ID: 56075
HPdes Security Advisory: HPSBOV02833
HPdes Security Advisory: HPSBUX02832
HPdes Security Advisory: SSRT101042
HPdes Security Advisory: SSRT101043
RedHat Security Advisories: RHSA-2012:1385
RedHat Security Advisories: RHSA-2012:1386
RedHat Security Advisories: RHSA-2012:1391
RedHat Security Advisories: RHSA-2012:1392
RedHat Security Advisories: RHSA-2012:1465
RedHat Security Advisories: RHSA-2012:1466
RedHat Security Advisories: RHSA-2012:1467
RedHat Security Advisories: RHSA-2013:1455
RedHat Security Advisories: RHSA-2013:1456
SuSE Security Announcement: SUSE-SU-2012:1398
SuSE Security Announcement: SUSE-SU-2012:1489
SuSE Security Announcement: SUSE-SU-2012:1490
SuSE Security Announcement: SUSE-SU-2012:1595
SuSE Security Announcement: openSUSE-SU-2012:1423
Common Vulnerability Exposure (CVE) ID: CVE-2012-4416
BugTraq ID: 55501
Common Vulnerability Exposure (CVE) ID: CVE-2012-5068
BugTraq ID: 56076
XForce ISS Database: javaruntimeenvironment-lib-cve20125068(79425)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5069
BugTraq ID: 56065
XForce ISS Database: javaruntimeenvironment-cc-cve20125069(79428)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5070
BugTraq ID: 56079
XForce ISS Database: javaruntimeenvironment-jmx-info-disc(79430)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5071
BugTraq ID: 56061
XForce ISS Database: javaruntimeenvironment-jmx-cve20125071(79427)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5072
BugTraq ID: 56083
XForce ISS Database: javaruntimeenvironment-security-info-disc(79434)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5073
BugTraq ID: 56080
XForce ISS Database: javaruntimeenvironment-lib-cve20125073(79432)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5074
BugTraq ID: 56056
XForce ISS Database: javaruntimeenvironment-jaxws-cve20125074(79426)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5075
BugTraq ID: 56081
XForce ISS Database: javaruntimeenvironment-comjmx-info-disc(79431)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5076
Common Vulnerability Exposure (CVE) ID: CVE-2012-5077
BugTraq ID: 56058
XForce ISS Database: javaruntimeenvironment-sec-info-disc(79437)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5079
BugTraq ID: 56082
XForce ISS Database: javaruntimeenvironment-lib-cve20125079(79433)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5081
BugTraq ID: 56071
Common Vulnerability Exposure (CVE) ID: CVE-2012-5084
BugTraq ID: 56063
XForce ISS Database: javaruntimeenvironment-swing-cve20125084(79423)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5085
BugTraq ID: 56067
Common Vulnerability Exposure (CVE) ID: CVE-2012-5086
BugTraq ID: 56039
XForce ISS Database: javaruntimeenvironment-beans-cve20125086(79414)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5087
BugTraq ID: 56043
XForce ISS Database: javaruntimeenvironment-beans-cve20125087(79415)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5088
XForce ISS Database: javaruntimeenvironment-lib-cve20125088(79420)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5089
BugTraq ID: 56059
XForce ISS Database: javaruntimeenvironment-jmx-cve20125089(79422)
Copyright: Copyright (c) 2012 E-Soft Inc.
