This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours

Bug 706248 (CVE-2011-0871)

Summary: CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
Product: [Other] Security Response Reporter: Marc Schoenefeld <mschoene>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: ahughes, aph, dbhole, jlieskov, jvanek, mjc, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: public=20110607,reported=20110518,source=oracle,impact=critical,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-sun=affected,rhel-5/java-1.6.0-sun=affected,rhel-4/java-1.6.0-sun=affected,rhel-4/java-1.4.2-ibm=affected,rhel-5/java-1.4.2-ibm=affected,rhel-4/java-1.5.0-ibm=affected,rhel-5/java-1.5.0-ibm=affected,rhel-6/java-1.5.0-ibm=affected,rhel-4/java-1.6.0-ibm=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-29 08:47:20 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 668488, 676275, 709375, 709376, 711408, 711409, 711410, 720963, 720964, 720965, 723824, 723825, 723826, 729588, 729589, 729907, 729908, 729909    
Bug Blocks:    

Description Marc Schoenefeld 2011-05-19 16:48:23 EDT
It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing.
Comment 7 errata-xmlrpc 2011-06-08 10:31:52 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0856 https://rhn.redhat.com/errata/RHSA-2011-0856.html
Comment 8 errata-xmlrpc 2011-06-08 10:53:52 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0857 https://rhn.redhat.com/errata/RHSA-2011-0857.html
Comment 9 errata-xmlrpc 2011-06-08 11:25:19 EDT
This issue has been addressed in following products:

  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:0860 https://rhn.redhat.com/errata/RHSA-2011-0860.html
Comment 11 errata-xmlrpc 2011-07-15 01:57:25 EDT
This issue has been addressed in following products:

  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:0938 https://rhn.redhat.com/errata/RHSA-2011-0938.html
Comment 12 errata-xmlrpc 2011-07-22 18:54:43 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2011:1087 https://rhn.redhat.com/errata/RHSA-2011-1087.html
Comment 13 errata-xmlrpc 2011-08-15 13:49:48 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Extras for RHEL 4

Via RHSA-2011:1159 https://rhn.redhat.com/errata/RHSA-2011-1159.html
Comment 14 errata-xmlrpc 2011-09-06 17:20:23 EDT
This issue has been addressed in following products:

  RHEL 4 for SAP
  RHEL 5 for SAP
  RHEL 6 for SAP

Via RHSA-2011:1265 https://rhn.redhat.com/errata/RHSA-2011-1265.html
Comment 15 errata-xmlrpc 2013-10-23 12:58:23 EDT
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.4

Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html