10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
CentOS Errata and Security Advisory CESA-2013:0165
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.
Two improper permission check issues were discovered in the reflection API
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass Java sandbox restrictions. (CVE-2012-3174, CVE-2013-0422)
This erratum also upgrades the OpenJDK package to IcedTea7 2.3.4. Refer to
the NEWS file, linked to in the References, for further information.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-January/081365.html
https://lists.centos.org/pipermail/centos-announce/2013-January/081366.html
Affected packages:
java-1.7.0-openjdk
java-1.7.0-openjdk-demo
java-1.7.0-openjdk-devel
java-1.7.0-openjdk-javadoc
java-1.7.0-openjdk-src
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:0165