Описание
ELSA-2012-1223: java-1.7.0-openjdk security update (IMPORTANT)
[1.7.0.5-2.2.1.0.1.el6_3.3]
- Modify DISTRO_NAME for Oracle
[1.7.0.5-2.2.1.el6.3]
- Removed patch 304 java-1.7.0-openjdk-beans-isPackageAccessible.patch
- Applied upstream patches for same issue: patch 1001 sec-webrevs-openjdk7-29_aug_2012-7162473.patch patch 1002 sec-webrevs-openjdk7-29_aug_2012-7162476.patch patch 1003 sec-webrevs-openjdk7-29_aug_2012-7163201.patch patch 1004 sec-webrevs-openjdk7-29_aug_2012-7194567.patch patch 1005 sec-webrevs-openjdk7-29_aug_2012-78e01a6ca8d3.patch
- Resolves: rhbz#852299
[1.7.0.5-2.2.1.1.el6]
- Added patch 304 java-1.7.0-openjdk-beans-isPackageAccessible.patch to fix vulnerability until it is fixed in upstream sources.
- Resolves: rhbz#852299
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
java-1.7.0-openjdk
1.7.0.5-2.2.1.0.1.el6_3.3
java-1.7.0-openjdk-demo
1.7.0.5-2.2.1.0.1.el6_3.3
java-1.7.0-openjdk-devel
1.7.0.5-2.2.1.0.1.el6_3.3
java-1.7.0-openjdk-javadoc
1.7.0.5-2.2.1.0.1.el6_3.3
java-1.7.0-openjdk-src
1.7.0.5-2.2.1.0.1.el6_3.3
Oracle Linux i686
java-1.7.0-openjdk
1.7.0.5-2.2.1.0.1.el6_3.3
java-1.7.0-openjdk-demo
1.7.0.5-2.2.1.0.1.el6_3.3
java-1.7.0-openjdk-devel
1.7.0.5-2.2.1.0.1.el6_3.3
java-1.7.0-openjdk-javadoc
1.7.0.5-2.2.1.0.1.el6_3.3
java-1.7.0-openjdk-src
1.7.0.5-2.2.1.0.1.el6_3.3
Связанные CVE
Связанные уязвимости
ELSA-2012-1222: java-1.6.0-openjdk security update (IMPORTANT)
ELSA-2012-1221: java-1.6.0-openjdk security update (CRITICAL)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references."
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references."
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references."