Bug 829358 (CVE-2012-1717)
Summary: | CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Stefan Cornelius <scorneli> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | ahughes, aph, dbhole, jrusnack, jvanek, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-10-03 15:39:36 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 828749, 828750, 828751, 828752, 828753, 828754, 828755, 828756, 828757, 828758, 828759, 828760, 854269, 854270, 854274, 854276, 854279, 854280, 854284, 854285, 854290, 854291, 854297, 854299, 854300, 854301, 856471, 856472, 856473 | ||
Bug Blocks: | 824458 |
Description
Stefan Cornelius
2012-06-06 14:37:07 UTC
Public now via: http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html Fixed in Oracle Java 7 Update 5 and 6 Update 33. The fix for this issue is or will be included in the following IcedTea versions: * IcedTea6 1.10.8 * IcedTea6 1.11.3 * IcedTea7 2.1.1 * IcedTea7 2.2.1 IcedTea6 releases announcement: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html http://blog.fuseyism.com/index.php/2012/06/12/security-icedtea6-1-10-8-1-11-3-released/ Patch: http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/6e6d7783aabb/patches/security/20120612/7143606.patch http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/jdk/rev/98a24555076b This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:0730 https://rhn.redhat.com/errata/RHSA-2012-0730.html This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0729 https://rhn.redhat.com/errata/RHSA-2012-0729.html This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Supplementary for Red Hat Enterprise Linux 5 Via RHSA-2012:0734 https://rhn.redhat.com/errata/RHSA-2012-0734.html According to Secunia SA49472, this is the issue for which Andrei Costin is credited in Oracle CPU: http://secunia.com/advisories/49472 14) An error in the printing functionality due to creating temporary spool files with insecure permissions can be exploited to disclose the contents of printed documents owned by other users. ... Provided and/or discovered by 14) Andrei Costin via Secunia. IcedTea7 releases announcement: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019094.html http://blog.fuseyism.com/index.php/2012/06/13/security-icedtea-2-1-1-2-2-1-released/ This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:1019 https://rhn.redhat.com/errata/RHSA-2012-1019.html This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:1009 https://rhn.redhat.com/errata/RHSA-2012-1009.html This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:1238 https://rhn.redhat.com/errata/RHSA-2012-1238.html This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Via RHSA-2012:1243 https://rhn.redhat.com/errata/RHSA-2012-1243.html This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Supplementary for Red Hat Enterprise Linux 5 Via RHSA-2012:1245 https://rhn.redhat.com/errata/RHSA-2012-1245.html This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:1289 https://rhn.redhat.com/errata/RHSA-2012-1289.html This issue has been addressed in following products: RHEL 5 for SAP RHEL 6 for SAP Via RHSA-2012:1332 https://rhn.redhat.com/errata/RHSA-2012-1332.html This issue has been addressed in following products: Red Hat Network Satellite Server v 5.5 Via RHSA-2013:1456 https://rhn.redhat.com/errata/RHSA-2013-1456.html This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html |