Bug 829371 (CVE-2012-1719)

Summary: CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
Product: [Other] Security Response Reporter: Stefan Cornelius <scorneli>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ahughes, aph, dbhole, jvanek, omajid, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20120612,reported=20120606,source=oracle,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/java-1.6.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-sun=affected,rhel-6/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-5/java-1.4.2-ibm=affected,rhel-5/java-1.4.2-ibm-sap=affected,rhel-6/java-1.4.2-ibm-sap=affected,rhel-5/java-1.5.0-ibm=affected,rhel-6/java-1.5.0-ibm=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-6/java-1.7.0-ibm=affected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-10-03 11:39:05 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 828749, 828750, 828751, 828752, 828753, 828754, 828755, 828756, 828757, 828758, 828759, 828760, 854269, 854270, 854274, 854276, 854279, 854280, 854284, 854285, 854290, 854291, 854297, 854299, 854300, 854301, 856471, 856472, 856473    
Bug Blocks: 824458    

Description Stefan Cornelius 2012-06-06 10:44:53 EDT
CVE-2012-0506 (bug #789300) was assigned to the flaw in the Java CORBA implementation that allowed modification of the repository identifiers that are intended to be immutable.  This additional fix corrects the problem in the stub generator for generated stub code.
Comment 1 Tomas Hoger 2012-06-12 16:27:04 EDT
Public now via:
http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html

Fixed in Oracle Java 7 Update 5 and 6 Update 33.
Comment 3 errata-xmlrpc 2012-06-13 09:10:17 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0730 https://rhn.redhat.com/errata/RHSA-2012-0730.html
Comment 4 errata-xmlrpc 2012-06-13 09:10:34 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0729 https://rhn.redhat.com/errata/RHSA-2012-0729.html
Comment 5 errata-xmlrpc 2012-06-13 16:02:35 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2012:0734 https://rhn.redhat.com/errata/RHSA-2012-0734.html
Comment 7 errata-xmlrpc 2012-06-20 11:15:15 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2012:1019 https://rhn.redhat.com/errata/RHSA-2012-1019.html
Comment 8 errata-xmlrpc 2012-06-20 11:15:55 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1009 https://rhn.redhat.com/errata/RHSA-2012-1009.html
Comment 15 errata-xmlrpc 2012-09-06 12:15:15 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2012:1238 https://rhn.redhat.com/errata/RHSA-2012-1238.html
Comment 16 errata-xmlrpc 2012-09-07 08:50:22 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2012:1243 https://rhn.redhat.com/errata/RHSA-2012-1243.html
Comment 17 errata-xmlrpc 2012-09-07 09:00:48 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2012:1245 https://rhn.redhat.com/errata/RHSA-2012-1245.html
Comment 18 errata-xmlrpc 2012-09-18 18:52:57 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2012:1289 https://rhn.redhat.com/errata/RHSA-2012-1289.html
Comment 19 errata-xmlrpc 2012-10-03 11:20:38 EDT
This issue has been addressed in following products:

  RHEL 5 for SAP
  RHEL 6 for SAP

Via RHSA-2012:1332 https://rhn.redhat.com/errata/RHSA-2012-1332.html
Comment 20 errata-xmlrpc 2013-10-23 12:31:15 EDT
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.5

Via RHSA-2013:1456 https://rhn.redhat.com/errata/RHSA-2013-1456.html
Comment 21 errata-xmlrpc 2013-10-23 13:05:18 EDT
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.4

Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html