Bug 766802 - VUL-0: java-1_6_0-openjdk: multiple vulnerabilities (tracker bug)
Status: RESOLVED FIXED
Duplicates: 767021
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P1 - Urgent
Severity: Critical
Assigned To: Security Team bot
Whiteboard: maint:released:sle11-sp1:47853
Reported: 2012-06-13 08:36 UTC by Matthias Weckbecker
Modified: 2015-02-18 20:34 UTC

Description Matthias Weckbecker 2012-06-13 08:36:49 UTC
There have recently been multiple vulnerabilities reported in java-1_6_0-openjdk:

1) CVE-2012-1725: insufficient invokespecial <init> verification
(HotSpot, 7160757)

2) CVE-2012-1723: insufficient field accessibility checks
(HotSpot, 7152811)

3) CVE-2012-1713: fontmanager layout lookup code memory corruption
(2D, 7143617)

4) CVE-2012-1716: SynthLookAndFeel application context bypass
(Swing, 7143614)

5) CVE-2012-1711: improper protection of CORBA data models
(CORBA, 7079902)

6) CVE-2012-1724: XML parsing infinite loop (JAXP, 7157609)

7) CVE-2012-1719: mutable repository identifiers in generated stub code
(CORBA, 7143851)

8) CVE-2012-1717: insecure temporary file permissions (JRE, 7143606)
Comment 1 Swamp Workflow Management 2012-06-13 08:56:41 UTC
The SWAMPID for this issue is 47828.
This issue was rated as important.
Please submit fixed packages until 2012-06-20.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 2 Ludwig Nussel 2012-06-14 07:26:40 UTC
*** Bug 767021 has been marked as a duplicate of this bug. ***
Comment 3 Michal Vyskocil 2012-06-14 12:26:51 UTC
packages have been submitted

sled: 19713
11.4: 124943
12.1: 124938

factory: 124698 (delete request)

@wolfgang, evergreen versions are in home:branches:mvyskocil:OBS_Maintained:java-1_6_0-openjdk
Comment 4 Michal Vyskocil 2012-06-14 12:27:15 UTC
* forgot to reassign *
Comment 5 Michal Vyskocil 2012-06-14 12:37:35 UTC
argh, Ludwig points out to me there was no bnc number in changes, fixed by

sled: 19717
11.4: 124966
12.1: 124968
Comment 6 Bernhard Wiedemann 2012-06-14 13:00:16 UTC
This is an autogenerated message for OBS integration:
This bug (766802) was mentioned in
https://build.opensuse.org/request/show/124973 Evergreen:11.1 / java-1_6_0-openjdk
Comment 9 Swamp Workflow Management 2012-06-19 17:00:15 UTC
Update released for: java-1_6_0-openjdk, java-1_6_0-openjdk-debuginfo, java-1_6_0-openjdk-debugsource, java-1_6_0-openjdk-demo, java-1_6_0-openjdk-devel, java-1_6_0-openjdk-javadoc, java-1_6_0-openjdk-src
Products:
SLE-DEBUGINFO 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1-FOR-SP2 (i386, x86_64)
Comment 10 Bernhard Wiedemann 2012-06-19 18:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (766802) was mentioned in
https://build.opensuse.org/request/show/125468 Evergreen:11.1 / java-1_6_0-openjdk
Comment 15 Sebastian Krahmer 2012-07-04 06:56:56 UTC
done
Comment 16 Swamp Workflow Management 2012-07-04 07:09:16 UTC
openSUSE-SU-2012:0828-1: An update that fixes 9 vulnerabilities is now available.

Category: security (critical)
Bug References: 766802
CVE References: CVE-2012-1711,CVE-2012-1713,CVE-2012-1716,CVE-2012-1717,CVE-2012-1718,CVE-2012-1719,CVE-2012-1723,CVE-2012-1724,CVE-2012-1725
Sources used:
openSUSE 12.1 (src):    java-1_6_0-openjdk-1.6.0.0_b24.1.11.3-6.2
openSUSE 11.4 (src):    java-1_6_0-openjdk-1.6.0.0_b24.1.11.3-0.11.2
Comment 17 Bernhard Wiedemann 2012-07-13 08:00:07 UTC
This is an autogenerated message for OBS integration:
This bug (766802) was mentioned in
https://build.opensuse.org/request/show/127800 Evergreen:11.2 / java-1_6_0-openjdk