Bug 706139 (CVE-2011-0862)
| Summary: | CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519) | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marc Schoenefeld <mschoene> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | | |
| Version: | unspecified | CC: | ahughes, aph, dbhole, jlieskov, jvanek, mjc, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-07-29 12:47:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 668488, 676275, 709375, 709376, 711408, 711409, 711410, 720963, 720964, 720965, 723824, 723825, 723826, 729588, 729589, 729907, 729908, 729909 | | |
| Bug Blocks: | | | |
Description
Marc Schoenefeld
2011-05-19 15:33:29 UTC
Two integer overflow flaws were corrected in Java2D:

- in the native code for the JPEGImageReader
- in the native code for the font SunLayoutEngine

Public now via Oracle CPU June 2011:
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html

Also fixed in IcedTea6 versions 1.8.8, 1.9.8 and 1.10.2:
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-June/014607.html

Patch:
http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/8d393fbff5d3/patches/security/20110607/7013519.patch

Note: IcedTea announcement also mentions CVE-2011-0822. That CVE id was planned to be used to refer to one of the two issues, but CVE-2011-0862 was finally used to refer to both.

This issue has been addressed in following products:

- Red Hat Enterprise Linux 6

Via RHSA-2011:0856 https://rhn.redhat.com/errata/RHSA-2011-0856.html

This issue has been addressed in following products:

- Red Hat Enterprise Linux 5

Via RHSA-2011:0857 https://rhn.redhat.com/errata/RHSA-2011-0857.html

This issue has been addressed in following products:

- Extras for RHEL 4
- Supplementary for Red Hat Enterprise Linux 5
- Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:0860 https://rhn.redhat.com/errata/RHSA-2011-0860.html

CVE id CVE-2011-0862 was also used for additional integer overflows in the non-open sourced ICC parser. ZDI has published several advisories for those problems.

- Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability
  http://www.zerodayinitiative.com/advisories/ZDI-11-183/
- Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability
  http://www.zerodayinitiative.com/advisories/ZDI-11-184/
- Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability
  http://www.zerodayinitiative.com/advisories/ZDI-11-185/
- Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability
  http://www.zerodayinitiative.com/advisories/ZDI-11-186/
- Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability
  http://www.zerodayinitiative.com/advisories/ZDI-11-187/
- Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability
  http://www.zerodayinitiative.com/advisories/ZDI-11-188/
- Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability
  http://www.zerodayinitiative.com/advisories/ZDI-11-189/
- Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability
  http://www.zerodayinitiative.com/advisories/ZDI-11-190/
- Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability
  http://www.zerodayinitiative.com/advisories/ZDI-11-191/

Yet another advisory for ICC parsing issues:

- Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability
  http://dvlabs.tippingpoint.com/advisory/TPTI-11-06

This issue has been addressed in following products:

- Extras for RHEL 4
- Supplementary for Red Hat Enterprise Linux 5
- Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:0938 https://rhn.redhat.com/errata/RHSA-2011-0938.html

This issue has been addressed in following products:

- Supplementary for Red Hat Enterprise Linux 6
- Extras for RHEL 4
- Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2011:1087 https://rhn.redhat.com/errata/RHSA-2011-1087.html

This issue has been addressed in following products:

- Supplementary for Red Hat Enterprise Linux 5
- Extras for RHEL 4

Via RHSA-2011:1159 https://rhn.redhat.com/errata/RHSA-2011-1159.html

This issue has been addressed in following products:

- RHEL 4 for SAP
- RHEL 5 for SAP
- RHEL 6 for SAP

Via RHSA-2011:1265 https://rhn.redhat.com/errata/RHSA-2011-1265.html

This issue has been addressed in following products:

- Red Hat Network Satellite Server v 5.4

Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html