Bug 706248 (CVE-2011-0871)

Summary: CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
Product: [Other] Security Response Reporter: Marc Schoenefeld <mschoene>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: ahughes, aph, dbhole, jlieskov, jvanek, mjc, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-29 12:47:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 668488, 676275, 709375, 709376, 711408, 711409, 711410, 720963, 720964, 720965, 723824, 723825, 723826, 729588, 729589, 729907, 729908, 729909    
Bug Blocks:    

Description Marc Schoenefeld 2011-05-19 20:48:23 UTC
It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing.

Comment 7 errata-xmlrpc 2011-06-08 14:31:52 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0856 https://rhn.redhat.com/errata/RHSA-2011-0856.html

Comment 8 errata-xmlrpc 2011-06-08 14:53:52 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0857 https://rhn.redhat.com/errata/RHSA-2011-0857.html

Comment 9 errata-xmlrpc 2011-06-08 15:25:19 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:0860 https://rhn.redhat.com/errata/RHSA-2011-0860.html

Comment 11 errata-xmlrpc 2011-07-15 05:57:25 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:0938 https://rhn.redhat.com/errata/RHSA-2011-0938.html

Comment 12 errata-xmlrpc 2011-07-22 22:54:43 UTC
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2011:1087 https://rhn.redhat.com/errata/RHSA-2011-1087.html

Comment 13 errata-xmlrpc 2011-08-15 17:49:48 UTC
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Extras for RHEL 4

Via RHSA-2011:1159 https://rhn.redhat.com/errata/RHSA-2011-1159.html

Comment 14 errata-xmlrpc 2011-09-06 21:20:23 UTC
This issue has been addressed in following products:

  RHEL 4 for SAP
  RHEL 5 for SAP
  RHEL 6 for SAP

Via RHSA-2011:1265 https://rhn.redhat.com/errata/RHSA-2011-1265.html

Comment 15 errata-xmlrpc 2013-10-23 16:58:23 UTC
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.4

Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html