Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2011:0856
HistoryJun 08, 2011 - 12:00 a.m.

(RHSA-2011:0856) Critical: java-1.6.0-openjdk security update

2011-06-0800:00:00
access.redhat.com
10

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.027 Low

EPSS

Percentile

89.4%

JSON

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Integer overflow flaws were found in the way Java2D parsed JPEG images and
user-supplied fonts. An attacker could use these flaws to execute arbitrary
code with the privileges of the user running an untrusted applet or
application. (CVE-2011-0862)

It was found that the MediaTracker implementation created Component
instances with unnecessary access privileges. A remote attacker could use
this flaw to elevate their privileges by utilizing an untrusted applet or
application that uses Swing. (CVE-2011-0871)

A flaw was found in the HotSpot component in OpenJDK. Certain bytecode
instructions confused the memory management within the Java Virtual Machine
(JVM), resulting in an applet or application crashing. (CVE-2011-0864)

An information leak flaw was found in the NetworkInterface class. An
untrusted applet or application could use this flaw to access information
about available network interfaces that should only be available to
privileged code. (CVE-2011-0867)

An incorrect float-to-long conversion, leading to an overflow, was found
in the way certain objects (such as images and text) were transformed in
Java2D. A remote attacker could use this flaw to crash an untrusted applet
or application that uses Java2D. (CVE-2011-0868)

It was found that untrusted applets and applications could misuse a SOAP
connection to incorrectly set global HTTP proxy settings instead of
setting them in a local scope. This flaw could be used to intercept HTTP
requests. (CVE-2011-0869)

A flaw was found in the way signed objects were deserialized. If trusted
and untrusted code were running in the same Java Virtual Machine (JVM), and
both were deserializing the same signed object, the untrusted code could
modify said object by using this flaw to bypass the validation checks on
signed objects. (CVE-2011-0865)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat6i686java-1.6.0-openjdk-devel< 1.6.0.0-1.39.1.9.8.el6_1java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
RedHat6x86_64java-1.6.0-openjdk-javadoc< 1.6.0.0-1.39.1.9.8.el6_1java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
RedHat6srcjava-1.6.0-openjdk< 1.6.0.0-1.39.1.9.8.el6_1java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm
RedHat6x86_64java-1.6.0-openjdk-devel< 1.6.0.0-1.39.1.9.8.el6_1java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
RedHat6i686java-1.6.0-openjdk-debuginfo< 1.6.0.0-1.39.1.9.8.el6_1java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
RedHat6i686java-1.6.0-openjdk-javadoc< 1.6.0.0-1.39.1.9.8.el6_1java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
RedHat6x86_64java-1.6.0-openjdk-src< 1.6.0.0-1.39.1.9.8.el6_1java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
RedHat6x86_64java-1.6.0-openjdk< 1.6.0.0-1.39.1.9.8.el6_1java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
RedHat6x86_64java-1.6.0-openjdk-debuginfo< 1.6.0.0-1.39.1.9.8.el6_1java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
RedHat6x86_64java-1.6.0-openjdk-demo< 1.6.0.0-1.39.1.9.8.el6_1java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
Rows per page:
1-10 of 131

Related

osv 2
openvas 47
securityvulns 13
nessus 46
centos 1
debian 2
redhat 7
suse 10
ubuntu 1
oraclelinux 2
fedora 8
cve 7
veracode 7
prion 7
ubuntucve 9
zdi 9
gentoo 2
vmware 2
oracle 1
osv
osv
openjdk-6 - several
2011-09-27 00:00:00
openjdk-6 - several
2011-12-05 00:00:00
openvas
openvas
CentOS Update for java CESA-2011:0857 centos5 x86_64
2012-07-30 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2011:0857-01
2011-06-10 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2011:0856-01
2012-06-06 00:00:00
securityvulns
securityvulns
Oracle Sun Java multiple security vulnerabilities
2011-08-17 00:00:00
[ MDVSA-2011:126 ] java-1.6.0-openjdk
2011-08-17 00:00:00
ZDI-11-188: Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability
2011-06-10 00:00:00
nessus
nessus
Fedora 15 : java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15 (2011-8028)
2011-06-16 00:00:00
Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:126)
2011-08-16 00:00:00
CentOS 5 : java-1.6.0-openjdk (CESA-2011:0857)
2011-06-14 00:00:00
centos
centos
java security update
2011-06-13 14:03:30
debian
debian
[SECURITY] [DSA 2311-1] openjdk-6 security update
2011-09-27 20:10:30
[SECURITY] [DSA 2358-1] openjdk-6 security update
2011-12-05 19:26:27
redhat
redhat
(RHSA-2011:0857) Important: java-1.6.0-openjdk security update
2011-06-08 00:00:00
(RHSA-2011:0860) Critical: java-1.6.0-sun security update
2011-06-08 00:00:00
(RHSA-2011:0938) Critical: java-1.6.0-ibm security update
2011-07-15 00:00:00
suse
suse
java-1_6_0-openjdk (important)
2011-06-28 13:08:22
Oracle Java 26 (critical)
2011-06-14 19:08:17
Sun/Oracle Java (critical)
2011-06-14 19:08:14
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2011-06-17 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2011-06-08 00:00:00
java-1.6.0-openjdk security update
2011-06-08 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15
2011-06-15 05:44:07
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-51.1.8.8.fc13
2011-06-15 05:33:46
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14
2011-06-11 04:18:13
cve
cve
CVE-2011-0869
2011-06-14 18:55:00
CVE-2011-0862
2011-06-14 18:55:00
CVE-2011-0867
2011-06-14 18:55:00
veracode
veracode
Information Disclosure
2019-05-02 04:55:58
Arbitrary Code Execution
2019-05-02 04:55:57
Information Disclosure
2019-05-02 04:55:58
prion
prion
Design/Logic Flaw
2011-06-14 18:55:00
Design/Logic Flaw
2011-06-14 18:55:00
Design/Logic Flaw
2011-06-14 18:55:00
ubuntucve
ubuntucve
CVE-2011-0869
2011-06-14 00:00:00
CVE-2011-0862
2011-06-14 00:00:00
CVE-2011-0867
2011-06-14 00:00:00
zdi
zdi
Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability
2011-06-08 00:00:00
Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability
2011-06-08 00:00:00
Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability
2011-06-08 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2011
2011-12-15 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.027 Low

EPSS

Percentile

89.4%

JSON
Related for RHSA-2011:0856
osv2openvas47securityvulns13nessus46centos1debian2redhat7suse10ubuntu1oraclelinux2fedora8cve7veracode7prion7ubuntucve9zdi9gentoo2vmware2oracle1