Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2012:1223
HistorySep 03, 2012 - 2:37 p.m.

java security update

2012-09-0314:37:23
CentOS Project
lists.centos.org
48

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

CentOS Errata and Security Advisory CESA-2012:1223

These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple improper permission check issues were discovered in the Beans
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2012-4681,
CVE-2012-1682, CVE-2012-3136)

A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2012-September/081004.html

Affected packages:
java-1.7.0-openjdk
java-1.7.0-openjdk-demo
java-1.7.0-openjdk-devel
java-1.7.0-openjdk-javadoc
java-1.7.0-openjdk-src

Upstream details at:
https://access.redhat.com/errata/RHSA-2012:1223

OSVersionArchitecturePackageVersionFilename
CentOS6i686java-1.7.0-openjdk<Β 1.7.0.5-2.2.1.el6_3.3java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.i686.rpm
CentOS6i686java-1.7.0-openjdk-demo<Β 1.7.0.5-2.2.1.el6_3.3java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
CentOS6i686java-1.7.0-openjdk-devel<Β 1.7.0.5-2.2.1.el6_3.3java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.i686.rpm
CentOS6noarchjava-1.7.0-openjdk-javadoc<Β 1.7.0.5-2.2.1.el6_3.3java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.3.noarch.rpm
CentOS6i686java-1.7.0-openjdk-src<Β 1.7.0.5-2.2.1.el6_3.3java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.i686.rpm
CentOS6x86_64java-1.7.0-openjdk<Β 1.7.0.5-2.2.1.el6_3.3java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
CentOS6x86_64java-1.7.0-openjdk-demo<Β 1.7.0.5-2.2.1.el6_3.3java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
CentOS6x86_64java-1.7.0-openjdk-devel<Β 1.7.0.5-2.2.1.el6_3.3java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
CentOS6noarchjava-1.7.0-openjdk-javadoc<Β 1.7.0.5-2.2.1.el6_3.3java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.3.noarch.rpm
CentOS6x86_64java-1.7.0-openjdk-src<Β 1.7.0.5-2.2.1.el6_3.3java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm

Related

suse 5
nessus 36
redhat 7
openvas 54
oraclelinux 3
zdi 1
seebug 1
centos 2
prion 5
amazon 1
ubuntucve 5
cve 6
ubuntu 1
threatpost 13
canvas 1
fedora 12
attackerkb 3
cisa_kev 1
saint 4
securityvulns 4
freebsd 1
checkpoint_advisories 2
thn 4
cisa 1
metasploit 1
myhack58 1
cert 1
veracode 22
securelist 1
suse
suse
java-1_7_0-openjdk: security fix for remote exploit (critical)
2012-09-12 19:08:39
Security update for OpenJDK (critical)
2012-09-12 06:08:36
java-1_6_0-openjdk: icedtea-web update to 1.11.4 (bnc#) (critical)
2012-09-14 14:13:53
nessus
nessus
Oracle Java SE 7 < Update 7 Multiple Vulnerabilities (Unix)
2013-02-22 00:00:00
Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:150-1)
2012-10-06 00:00:00
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2012:1154-1)
2014-06-13 00:00:00
redhat
redhat
(RHSA-2012:1223) Important: java-1.7.0-openjdk security update
2012-09-03 00:00:00
(RHSA-2012:1225) Critical: java-1.7.0-oracle security update
2012-09-04 00:00:00
(RHSA-2012:1222) Important: java-1.6.0-openjdk security update
2012-09-03 00:00:00
openvas
openvas
RedHat Update for java-1.7.0-openjdk RHSA-2012:1223-01
2012-09-04 00:00:00
CentOS Update for java CESA-2012:1223 centos6
2012-09-04 00:00:00
openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2012:1154-1)
2013-03-11 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2012-09-03 00:00:00
java-1.6.0-openjdk security update
2012-09-03 00:00:00
java-1.6.0-openjdk security update
2012-09-03 00:00:00
zdi
zdi
Oracle Java java.beans.Statement Remote Code Execution Vulnerability
2012-12-21 00:00:00
seebug
seebug
Oracle Sun JRE 1.x θΏœη¨‹JRE漏洞
2012-09-04 00:00:00
centos
centos
java security update
2012-09-03 14:36:46
java security update
2012-09-03 14:26:49
prion
prion
Design/Logic Flaw
2012-08-30 23:55:00
Design/Logic Flaw
2012-08-30 23:55:00
Design/Logic Flaw
2012-08-28 00:55:00
amazon
amazon
Important: java-1.6.0-openjdk
2012-09-04 10:22:00
ubuntucve
ubuntucve
CVE-2012-3136
2012-08-30 00:00:00
CVE-2012-1682
2012-09-03 00:00:00
CVE-2012-4681
2012-08-28 00:00:00
cve
cve
CVE-2012-1682
2012-08-30 23:55:00
CVE-2012-3136
2012-08-30 23:55:00
CVE-2012-4681
2012-08-28 00:55:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2012-09-03 00:00:00
threatpost
threatpost
Nasty New Java Zero Day Found; Exploit Kits Already Have It
2013-01-10 15:15:21
Oracle Releases Fix For Java CVE-2012-4681 Flaw
2012-08-30 18:12:34
Newest Java 7 Update Still Exploitable, Researcher Says
2012-09-04 15:08:53
canvas
canvas
Immunity Canvas: JAVA_FORNAME_GETFIELD
2012-08-28 00:55:00
fedora
fedora
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.6-2.3.1.fc17.2
2012-09-03 22:53:20
[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.6-2.3.1.fc18.2
2012-09-17 22:40:47
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.fc17
2013-06-20 02:29:10
attackerkb
attackerkb
Java 7 Applet Remote Code Execution
2012-08-28 00:00:00
CVE-2012-4681
2012-08-28 00:00:00
CVE-2013-0422
2013-01-10 00:00:00
cisa_kev
cisa_kev
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
2022-03-03 00:00:00
saint
saint
Oracle Java findMethod findClass Security Bypass
2012-08-30 00:00:00
Oracle Java findMethod findClass Security Bypass
2012-08-30 00:00:00
Oracle Java findMethod findClass Security Bypass
2012-08-30 00:00:00
securityvulns
securityvulns
Java environment limitations bypass
2012-09-02 00:00:00
[SE-2012-01] New security issue affecting Java SE 7 Update 7
2012-09-02 00:00:00
[security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities
2012-10-30 00:00:00
freebsd
freebsd
Java 1.7 -- security manager bypass
2012-08-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Java 7 Applet RCE Gondvv (CVE-2012-4681)
2012-08-28 00:00:00
Preemptive Protection against Oracle JRE Restrictions Bypass Remote Code Execution (CVE-2012-4681)
2012-10-01 00:00:00
thn
thn
Oracle releases patches for Java vulnerability CVE-2012-4681
2012-08-31 22:39:00
Exploit Packs updated with New Java Zero-Day vulnerability
2013-01-10 18:09:00
Exploit Packs updated with New Java Zero-Day vulnerability
2013-01-10 07:09:00
cisa
cisa
US-CERT Releases Oracle Java JRE 1.7 Security Advisory
2012-08-28 00:00:00
metasploit
metasploit
Java 7 Applet Remote Code Execution
2012-08-27 09:25:04
myhack58
myhack58
The New Year initial, Java break first 0day-vulnerability warning-the black bar safety net
2013-01-11 00:00:00
cert
cert
Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged code
2012-08-27 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:41:05
Arbitrary Code Execution
2019-05-02 04:41:05
Authorization Bypass
2019-05-02 04:41:06
securelist
securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
2017-11-16 10:00:34

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON
Related for CESA-2012:1223
suse5nessus36redhat7openvas54oraclelinux3zdi1seebug1centos2prion5amazon1ubuntucve5cve6ubuntu1threatpost13canvas1fedora12attackerkb3cisa_kev1saint4securityvulns4freebsd1checkpoint_advisories2thn4cisa1metasploit1myhack581cert1veracode22securelist1