Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 702349 - (CVE-2011-0311) CVE-2011-0311 IBM JDK Class file parsing denial-of-service
CVE-2011-0311 IBM JDK Class file parsing denial-of-service
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
Unspecified Unspecified
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,source=redhat,public=20110...
: Security
Depends On: 701980 701981 729588 729589 729907 729908 729909
Blocks:
  Show dependency treegraph
 
Reported: 2011-05-05 08:28 EDT by Marc Schoenefeld
Modified: 2015-08-19 05:10 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-02-26 17:37:07 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0490 normal SHIPPED_LIVE Critical: java-1.4.2-ibm security update 2011-05-05 13:44:32 EDT
Red Hat Product Errata RHSA-2011:0870 normal SHIPPED_LIVE Moderate: java-1.4.2-ibm-sap security update 2011-06-15 05:56:03 EDT
Red Hat Product Errata RHSA-2011:1159 normal SHIPPED_LIVE Critical: java-1.4.2-ibm security update 2011-08-15 13:49:36 EDT
Red Hat Product Errata RHSA-2011:1265 normal SHIPPED_LIVE Moderate: java-1.4.2-ibm-sap security update 2011-09-06 17:20:08 EDT

  None (edit)
Description Marc Schoenefeld 2011-05-05 08:28:10 EDT 
IBM reported a problem with class file parsing in IBM JDK: 

IBM Runtimes for Java Technology is vulnerable to a denial of service, caused by an error in the class file parser. A remote authenticated attacker could exploit this vulnerability using a specially-crafted class file containing an invalid attribute length field to cause a segmentation fault. [1] 

The issue is fixed with JDK 1.4.2 SR13-FP9 , 5.0 SR12-FP4 and 6 SR9-FP1 [2]
and APAR IZ89602 [3]

[1] http://xforce.iss.net/xforce/xfdb/65189
[2] http://www.ibm.com/developerworks/java/jdk/alerts/
[3] http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89602
Comment 3 errata-xmlrpc 2011-05-05 13:44:45 EDT 
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Extras for RHEL 4

Via RHSA-2011:0490 https://rhn.redhat.com/errata/RHSA-2011-0490.html
Comment 4 errata-xmlrpc 2011-06-15 05:56:16 EDT 
This issue has been addressed in following products:

  RHEL 4 for SAP
  RHEL 5 for SAP
  RHEL 6 for SAP

Via RHSA-2011:0870 https://rhn.redhat.com/errata/RHSA-2011-0870.html
Comment 5 errata-xmlrpc 2011-08-15 13:49:43 EDT 
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Extras for RHEL 4

Via RHSA-2011:1159 https://rhn.redhat.com/errata/RHSA-2011-1159.html
Comment 6 errata-xmlrpc 2011-09-06 17:20:12 EDT 
This issue has been addressed in following products:

  RHEL 4 for SAP
  RHEL 5 for SAP
  RHEL 6 for SAP

Via RHSA-2011:1265 https://rhn.redhat.com/errata/RHSA-2011-1265.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.