Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-2311-1:3A8CD
HistorySep 27, 2011 - 8:10 p.m.

[SECURITY] [DSA 2311-1] openjdk-6 security update

2011-09-2720:10:30
lists.debian.org
19

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

87.9%

JSON

Debian Security Advisory DSA-2311-1 [email protected]
http://www.debian.org/security/ Florian Weimer
September 27, 2011 http://www.debian.org/security/faq

Package : openjdk-6
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871
Debian Bug : 629852

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Java SE platform. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2011-0862
Integer overflow errors in the JPEG and font parser allow
untrusted code (including applets) to elevate its privileges.

CVE-2011-0864
Hotspot, the just-in-time compiler in OpenJDK, mishandled
certain byte code instructions, allowing untrusted code
(including applets) to crash the virtual machine.

CVE-2011-0865
A race condition in signed object deserialization could
allow untrusted code to modify signed content, apparently
leaving its signature intact.

CVE-2011-0867
Untrusted code (including applets) could access information
about network interfaces which was not intended to be public.
(Note that the interface MAC address is still available to
untrusted code.)

CVE-2011-0868
A float-to-long conversion could overflow, , allowing
untrusted code (including applets) to crash the virtual
machine.

CVE-2011-0869
Untrusted code (including applets) could intercept HTTP
requests by reconfiguring proxy settings through a SOAP
connection.

CVE-2011-0871
Untrusted code (including applets) could elevate its
privileges through the Swing MediaTracker code.

In addition, this update removes support for the Zero/Shark and Cacao
Hotspot variants from the i386 and amd64 due to stability issues.
These Hotspot variants are included in the openjdk-6-jre-zero and
icedtea-6-jre-cacao packages, and these packages must be removed
during this update.

For the oldstable distribution (lenny), these problems will be fixed
in a separate DSA for technical reasons.

For the stable distribution (squeeze), these problems have been fixed
in version 6b18-1.8.9-0.1~squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid(, these problems have been fixed in version 6b18-1.8.9-0.1.

We recommend that you upgrade your OpenJDK packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian5allopenjdk-6< 6b18-1.8.10-0~lenny2openjdk-6_6b18-1.8.10-0~lenny2_all.deb
Debian6armelopenjdk-6-jre-zero< 6b18-1.8.9-0.1~squeeze1openjdk-6-jre-zero_6b18-1.8.9-0.1~squeeze1_armel.deb
Debian6mipsopenjdk-6-dbg< 6b18-1.8.9-0.1~squeeze1openjdk-6-dbg_6b18-1.8.9-0.1~squeeze1_mips.deb
Debian5amd64openjdk-6-jre< 6b18-1.8.10-0~lenny2openjdk-6-jre_6b18-1.8.10-0~lenny2_amd64.deb
Debian6i386openjdk-6-jre-headless< 6b18-1.8.9-0.1~squeeze1openjdk-6-jre-headless_6b18-1.8.9-0.1~squeeze1_i386.deb
Debian6allsun-java6-fonts< 6.26-0squeeze1sun-java6-fonts_6.26-0squeeze1_all.deb
Debian5mipselopenjdk-6-jre-headless< 6b18-1.8.10-0~lenny2openjdk-6-jre-headless_6b18-1.8.10-0~lenny2_mipsel.deb
Debian6amd64sun-java6-demo< 6.26-0squeeze1sun-java6-demo_6.26-0squeeze1_amd64.deb
Debian6s390openjdk-6-demo< 6b18-1.8.9-0.1~squeeze1openjdk-6-demo_6b18-1.8.9-0.1~squeeze1_s390.deb
Debian5i386openjdk-6-jre< 6b18-1.8.10-0~lenny2openjdk-6-jre_6b18-1.8.10-0~lenny2_i386.deb
Rows per page:
1-10 of 1101

Related

osv 2
securityvulns 13
nessus 46
openvas 47
redhat 8
centos 1
suse 10
oraclelinux 2
fedora 8
ubuntu 1
debian 1
veracode 7
cve 7
prion 7
ubuntucve 9
zdi 9
gentoo 2
vmware 2
oracle 1
osv
osv
openjdk-6 - several
2011-09-27 00:00:00
openjdk-6 - several
2011-12-05 00:00:00
securityvulns
securityvulns
Oracle Sun Java multiple security vulnerabilities
2011-08-17 00:00:00
[ MDVSA-2011:126 ] java-1.6.0-openjdk
2011-08-17 00:00:00
ZDI-11-190: Oracle Java ICC Profile &#39;crdi&#39; Tag Parsing Remote Code Execution Vulnerability
2011-06-10 00:00:00
nessus
nessus
Fedora 15 : java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15 (2011-8028)
2011-06-16 00:00:00
Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2011-0857)
2013-07-12 00:00:00
RHEL 5 : java-1.6.0-openjdk (RHSA-2011:0857)
2011-06-09 00:00:00
openvas
openvas
CentOS Update for java CESA-2011:0857 centos5 x86_64
2012-07-30 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2011:0857-01
2011-06-10 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2011:0857-01
2011-06-10 00:00:00
redhat
redhat
(RHSA-2011:0857) Important: java-1.6.0-openjdk security update
2011-06-08 00:00:00
(RHSA-2011:0856) Critical: java-1.6.0-openjdk security update
2011-06-08 00:00:00
(RHSA-2011:0860) Critical: java-1.6.0-sun security update
2011-06-08 00:00:00
centos
centos
java security update
2011-06-13 14:03:30
suse
suse
java-1_6_0-openjdk (important)
2011-06-28 13:08:22
Sun/Oracle Java (critical)
2011-06-14 19:08:14
Oracle Java 26 (critical)
2011-06-14 19:08:17
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2011-06-08 00:00:00
java-1.6.0-openjdk security update
2011-06-08 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15
2011-06-15 05:44:07
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14
2011-06-11 04:18:13
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-51.1.8.8.fc13
2011-06-15 05:33:46
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2011-06-17 00:00:00
debian
debian
[SECURITY] [DSA 2358-1] openjdk-6 security update
2011-12-05 19:26:27
veracode
veracode
Information Disclosure
2019-05-02 04:55:58
Arbitrary Code Execution
2019-05-02 04:55:57
Information Disclosure
2019-05-02 04:55:58
cve
cve
CVE-2011-0869
2011-06-14 18:55:00
CVE-2011-0867
2011-06-14 18:55:00
CVE-2011-0864
2011-06-14 18:55:00
prion
prion
Design/Logic Flaw
2011-06-14 18:55:00
Design/Logic Flaw
2011-06-14 18:55:00
Design/Logic Flaw
2011-06-14 18:55:00
ubuntucve
ubuntucve
CVE-2011-0867
2011-06-14 00:00:00
CVE-2011-0869
2011-06-14 00:00:00
CVE-2011-0862
2011-06-14 00:00:00
zdi
zdi
Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability
2011-06-08 00:00:00
Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability
2011-06-08 00:00:00
Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability
2011-06-08 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2011
2011-12-15 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

87.9%

JSON
Related for DEBIAN:DSA-2311-1:3A8CD
osv2securityvulns13nessus46openvas47redhat8centos1suse10oraclelinux2fedora8ubuntu1debian1veracode7cve7prion7ubuntucve9zdi9gentoo2vmware2oracle1