Red Hat Security Advisory: java-1.7.0-openjdk security update Security Advisory secalert@redhat.com Red Hat Security Response Team RHSA-2012:1223 Final 1 1 2012-09-03T12:46:00Z Current version 2012-09-03T12:46:00Z 2012-09-03T12:46:00Z Red Hat rhsa-to-cvrf 1.0.1484 2012-09-03T13:04:01Z Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-4681, CVE-2012-1682, CVE-2012-3136) A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions. (CVE-2012-0547) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. Please see https://www.redhat.com/footer/terms-of-use.html Copyright © 2012 Red Hat, Inc. All rights reserved. Important https://rhn.redhat.com/errata/RHSA-2012-1223.html https://rhn.redhat.com/errata/RHSA-2012-1223.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html Red Hat Enterprise Linux HPC Node Optional (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Workstation (v. 6) Red Hat Enterprise Linux Desktop Optional (v. 6) Red Hat Enterprise Linux Workstation Optional (v. 6) Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux Server Optional (v. 6) java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6) java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 as a component of Red Hat Enterprise Linux Server (v. 6) java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 as a component of Red Hat Enterprise Linux Workstation (v. 6) java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6) java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6) java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 as a component of Red Hat Enterprise Linux Desktop (v. 6) java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 as a component of Red Hat Enterprise Linux Server Optional (v. 6) A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions. 2012-08-30T00:00:00Z 2012-08-30T00:00:00Z CVE-2012-0547 6Client-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Client-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6ComputeNode-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Server-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Server-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Workstation-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Workstation-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 Low Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1223.html https://www.redhat.com/security/data/cve/CVE-2012-0547.html CVE-2012-0547 https://bugzilla.redhat.com/show_bug.cgi?id=853228 bz#853228: CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201) Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. 2012-08-30T00:00:00Z 2012-08-30T00:00:00Z CVE-2012-1682 6Client-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Client-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6ComputeNode-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Server-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Server-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Workstation-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Workstation-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 Critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1223.html http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html https://www.redhat.com/security/data/cve/CVE-2012-1682.html CVE-2012-1682 https://bugzilla.redhat.com/show_bug.cgi?id=853097 bz#853097: CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476) Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. 2012-08-30T00:00:00Z 2012-08-30T00:00:00Z CVE-2012-3136 6Client-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Client-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6ComputeNode-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Server-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Server-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Workstation-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Workstation-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 Critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1223.html http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html https://www.redhat.com/security/data/cve/CVE-2012-3136.html CVE-2012-3136 https://bugzilla.redhat.com/show_bug.cgi?id=853138 bz#853138: CVE-2012-3136 OpenJDK: beans MethodElementHandler insufficient permission checks (beans, 7194567) Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. 2012-08-27T00:00:00Z 2012-08-27T00:00:00Z CVE-2012-4681 6Client-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Client-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6ComputeNode-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Server-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Server-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Workstation-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 6Workstation-optional-6.3.z:java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3 Critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1223.html http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html https://www.redhat.com/security/data/cve/CVE-2012-4681.html CVE-2012-4681 https://bugzilla.redhat.com/show_bug.cgi?id=852051 bz#852051: CVE-2012-4681 OpenJDK: beans insufficient permission checks, Java 7 0day (beans, 7162473)