Bug 790724 (CVE-2012-0500)
Summary: | CVE-2012-0500 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | unspecified | CC: | dbhole, jvanek |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-04-25 07:02:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 788202, 788203, 788204, 788205, 788206, 813689, 813690, 813691, 813692 | ||
Bug Blocks: | 786724 |
Description
Tomas Hoger
2012-02-15 09:24:28 UTC
TELUS Security Labs VR advisory for this issue: http://seclists.org/fulldisclosure/2012/Feb/251 http://telussecuritylabs.com/threats/show/TSL20120214-01 This issue has been addressed in following products: Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:0139 https://rhn.redhat.com/errata/RHSA-2012-0139.html (In reply to comment #1) > TELUS Security Labs VR advisory for this issue: > > http://seclists.org/fulldisclosure/2012/Feb/251 > http://telussecuritylabs.com/threats/show/TSL20120214-01 This advisory now links ZDI-12-037 and ZDI-12-039: Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-037/ Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution http://www.zerodayinitiative.com/advisories/ZDI-12-039/ This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:0514 https://rhn.redhat.com/errata/RHSA-2012-0514.html (In reply to comment #7) > Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability > http://www.zerodayinitiative.com/advisories/ZDI-12-037/ > > Oracle Java Web Start java-vm-args Command Argument Injection Remote Code > Execution > http://www.zerodayinitiative.com/advisories/ZDI-12-039/ Also confirmed now by: http://www.attrition.org/pipermail/vim/2012-June/002572.html This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html |