Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-2507-1 openjdk-6 -- several vulnerabilities

Related Vulnerabilities: CVE-2012-1711   CVE-2012-1713   CVE-2012-1716   CVE-2012-1717   CVE-2012-1718   CVE-2012-1719   CVE-2012-1723   CVE-2012-1724   CVE-2012-1725  

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. CVE-2012-1711 CVE-2012-1719 Multiple errors in the CORBA implementation could lead to breakouts of the Java sandbox. CVE-2012-1713 Missing input sanitising in the font manager could lead to the execution of arbitrary code. CVE-2012-1716 The SynthLookAndFeel Swing class could be abused to break out of the Java sandbox. CVE-2012-1717 Several temporary files were created insecurely, resulting in local information disclosure. CVE-2012-1718 Certificate revocation lists were incorrectly implemented. CVE-2012-1723 CVE-2012-1725 Validation errors in the bytecode verifier of the Hotspot VM could lead to breakouts of the Java sandbox. CVE-2012-1724 Missing input sanitising in the XML parser could lead to denial of service through an infinite loop. For the stable distribution (squeeze), this problem has been fixed in version 6b18-1.8.13-0+squeeze2. For the unstable distribution (sid), this problem has been fixed in version 6b24-1.11.3-1. We recommend that you upgrade your openjdk-6 packages.

Source

Debian Security Advisory

DSA-2507-1 openjdk-6 -- several vulnerabilities

Date Reported:
04 Jul 2012
Affected Packages:
openjdk-6
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725.
More information:

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.

  • CVE-2012-1711 CVE-2012-1719

    Multiple errors in the CORBA implementation could lead to breakouts of the Java sandbox.

  • CVE-2012-1713

    Missing input sanitising in the font manager could lead to the execution of arbitrary code.

  • CVE-2012-1716

    The SynthLookAndFeel Swing class could be abused to break out of the Java sandbox.

  • CVE-2012-1717

    Several temporary files were created insecurely, resulting in local information disclosure.

  • CVE-2012-1718

    Certificate revocation lists were incorrectly implemented.

  • CVE-2012-1723 CVE-2012-1725

    Validation errors in the bytecode verifier of the Hotspot VM could lead to breakouts of the Java sandbox.

  • CVE-2012-1724

    Missing input sanitising in the XML parser could lead to denial of service through an infinite loop.

For the stable distribution (squeeze), this problem has been fixed in version 6b18-1.8.13-0+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 6b24-1.11.3-1.

We recommend that you upgrade your openjdk-6 packages.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started