Bug 1150155 (CVE-2014-6506)
Summary: | CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | dbhole, jvanek, omajid, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-11-24 17:15:30 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1148726 |
Description
Tomas Hoger
2014-10-07 14:24:54 UTC
Public now via Oracle Critical Patch Update - October 2014. Fixed in Oracle Java SE 5.0u75, 6u85, 7u71, and 8u25. External References: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2014:1633 https://rhn.redhat.com/errata/RHSA-2014-1633.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2014:1620 https://rhn.redhat.com/errata/RHSA-2014-1620.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 5 Via RHSA-2014:1634 https://rhn.redhat.com/errata/RHSA-2014-1634.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2014:1636 https://rhn.redhat.com/errata/RHSA-2014-1636.html This issue was fixed in IcedTea6 1.13.5 and IcedTea7 2.5.3: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-October/029884.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-October/029889.html Upstream OpenJDK commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/9c8128ec5776 This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 5 Via RHSA-2014:1658 https://rhn.redhat.com/errata/RHSA-2014-1658.html This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 5 Via RHSA-2014:1657 https://rhn.redhat.com/errata/RHSA-2014-1657.html This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1877 https://rhn.redhat.com/errata/RHSA-2014-1877.html This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 5 Via RHSA-2014:1876 https://rhn.redhat.com/errata/RHSA-2014-1876.html This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1882 https://rhn.redhat.com/errata/RHSA-2014-1882.html This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 6 Supplementary for Red Hat Enterprise Linux 7 Via RHSA-2014:1880 https://rhn.redhat.com/errata/RHSA-2014-1880.html This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1881 https://rhn.redhat.com/errata/RHSA-2014-1881.html This issue has been addressed in the following products: Red Hat Satellite Server v 5.6 Via RHSA-2015:0264 https://rhn.redhat.com/errata/RHSA-2015-0264.html |