Bug 639897 – CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710)

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 639897 - (CVE-2010-3562) CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710)

Summary:	CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710)

Status:	CLOSED ERRATA

Aliases:	CVE-2010-3562

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=important,source=oracle,public...
Keywords:	Security

Depends On:	639951 639952 639953 639954 642515 642517 643336 643337 643338 643355 643356 643357 646406 646407 646408 662638 662639 662640
Blocks:	712887
	Show dependency tree / graph

Reported:	2010-10-04 06:03 EDT by Marc Schoenefeld
Modified:	2015-08-23 09:32 EDT (History)
CC List:	6 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-08-23 09:32:27 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2010:0768	normal	SHIPPED_LIVE	Important: java-1.6.0-openjdk security and bug fix update	2010-10-13 12:23:43 EDT
Red Hat Product Errata	RHSA-2010:0770	normal	SHIPPED_LIVE	Critical: java-1.6.0-sun security update	2010-10-14 09:35:50 EDT
Red Hat Product Errata	RHSA-2010:0786	normal	SHIPPED_LIVE	Critical: java-1.4.2-ibm security update	2010-10-20 13:14:58 EDT
Red Hat Product Errata	RHSA-2010:0807	normal	SHIPPED_LIVE	Critical: java-1.5.0-ibm security update	2010-10-27 19:07:22 EDT
Red Hat Product Errata	RHSA-2010:0865	normal	SHIPPED_LIVE	Important: java-1.6.0-openjdk security and bug fix update	2010-11-09 14:05:39 EST
Red Hat Product Errata	RHSA-2010:0873	normal	SHIPPED_LIVE	Critical: java-1.5.0-ibm security update	2010-11-10 07:10:54 EST
Red Hat Product Errata	RHSA-2010:0986	normal	SHIPPED_LIVE	Moderate: java-1.4.2-ibm-sap security update	2010-12-15 17:43:51 EST
Red Hat Product Errata	RHSA-2010:0987	normal	SHIPPED_LIVE	Critical: java-1.6.0-ibm security and bug fix update	2010-12-15 18:45:15 EST
Red Hat Product Errata	RHSA-2011:0880	normal	SHIPPED_LIVE	Low: Red Hat Network Satellite server IBM Java Runtime security update	2011-06-16 15:21:49 EDT

Groups: None (edit)

Comment 2 Jan Lieskovsky 2010-10-13 11:24:00 EDT

Double free in IndexColorModel could cause an untrusted applet or application
to crash or, possibly, execute arbitrary code with the privileges of the user
running the applet or application. (CVE-2010-3562) 

The CVSSv2 scored upstream is
cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P

Reference: 
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

Comment 3 errata-xmlrpc 2010-10-13 12:23:54 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0768 https://rhn.redhat.com/errata/RHSA-2010-0768.html

Comment 4 errata-xmlrpc 2010-10-14 09:36:35 EDT

This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0770 https://rhn.redhat.com/errata/RHSA-2010-0770.html

Comment 8 errata-xmlrpc 2010-10-20 13:15:17 EDT

This issue has been addressed in following products:

  Extras for RHEL 3
  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0786 https://rhn.redhat.com/errata/RHSA-2010-0786.html

Comment 10 errata-xmlrpc 2010-10-27 19:07:38 EDT

This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0807 https://rhn.redhat.com/errata/RHSA-2010-0807.html

Comment 11 errata-xmlrpc 2010-11-10 13:49:42 EST

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0865 https://rhn.redhat.com/errata/RHSA-2010-0865.html

Comment 12 errata-xmlrpc 2010-11-10 14:07:08 EST

This issue has been addressed in following products:

  Extras for Red Hat Enterprise Linux 6

Via RHSA-2010:0873 https://rhn.redhat.com/errata/RHSA-2010-0873.html

Comment 14 errata-xmlrpc 2010-12-15 17:44:04 EST

This issue has been addressed in following products:

  RHEL 4 for SAP
  RHEL 5 for SAP
  RHEL 6 for SAP

Via RHSA-2010:0986 https://rhn.redhat.com/errata/RHSA-2010-0986.html

Comment 15 errata-xmlrpc 2010-12-15 18:45:38 EST

This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5
  Extras for Red Hat Enterprise Linux 6

Via RHSA-2010:0987 https://rhn.redhat.com/errata/RHSA-2010-0987.html

Comment 16 errata-xmlrpc 2011-06-16 15:22:17 EDT

This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.4

Via RHSA-2011:0880 https://rhn.redhat.com/errata/RHSA-2011-0880.html

Note You need to log in before you can comment on or make changes to this bug.