Bug 831355 (CVE-2012-0551) - CVE-2012-0551 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
Summary: CVE-2012-0551 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (De...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-0551
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 828753 828754 828755 828756 828757 828758 854297 854299 854300 854301 856471 856472 856473
Blocks: 824458
TreeView+ depends on / blocked
 
Reported: 2012-06-12 20:40 UTC by Tomas Hoger
Modified: 2019-09-29 12:53 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2012-09-19 10:10:53 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0734 0 normal SHIPPED_LIVE Critical: java-1.6.0-sun security update 2013-11-15 00:08:50 UTC
Red Hat Product Errata RHSA-2012:1019 0 normal SHIPPED_LIVE Critical: java-1.7.0-oracle security update 2012-06-20 15:39:05 UTC
Red Hat Product Errata RHSA-2012:1238 0 normal SHIPPED_LIVE Critical: java-1.6.0-ibm security update 2012-09-06 20:13:35 UTC
Red Hat Product Errata RHSA-2012:1289 0 normal SHIPPED_LIVE Critical: java-1.7.0-ibm security update 2012-09-19 02:52:20 UTC
Red Hat Product Errata RHSA-2013:1455 0 normal SHIPPED_LIVE Low: Red Hat Network Satellite server IBM Java Runtime security update 2013-10-23 20:30:21 UTC
Red Hat Product Errata RHSA-2013:1456 0 normal SHIPPED_LIVE Low: Red Hat Network Satellite server IBM Java Runtime security update 2013-10-23 20:29:56 UTC

Description Tomas Hoger 2012-06-12 20:40:19 UTC 
Java SE 6 Update 33 and Java SE 7 Update 5 of Oracle/Sun Java fixes an unspecified vulnerability in the Deployment component (CVE-2012-0551). Upstream has CVSSv2 scored this issue as: 5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P

http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
Comment 1 errata-xmlrpc 2012-06-13 20:02:58 UTC 
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2012:0734 https://rhn.redhat.com/errata/RHSA-2012-0734.html
Comment 2 Tomas Hoger 2012-06-14 08:09:55 UTC 
It seems this CVE - CVE-2012-0551 - was previously used in Oracle CPU April 2012 for a GlassFish Enterprise Server, Web Container sub-component, CVSSv2 scored as 5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N.  According to the Security-Assessment.com advisory, this CVE was for XSS issue in the GlassFish:

http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_Multiple_XSS.pdf
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixSUNS
http://secunia.com/advisories/48798/
Comment 3 errata-xmlrpc 2012-06-20 15:15:40 UTC 
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2012:1019 https://rhn.redhat.com/errata/RHSA-2012-1019.html
Comment 5 errata-xmlrpc 2012-09-06 16:15:28 UTC 
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2012:1238 https://rhn.redhat.com/errata/RHSA-2012-1238.html
Comment 6 errata-xmlrpc 2012-09-18 22:53:10 UTC 
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2012:1289 https://rhn.redhat.com/errata/RHSA-2012-1289.html
Comment 7 errata-xmlrpc 2013-10-23 16:31:56 UTC 
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.5

Via RHSA-2013:1456 https://rhn.redhat.com/errata/RHSA-2013-1456.html
Comment 8 errata-xmlrpc 2013-10-23 17:05:54 UTC 
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.4

Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html
Note You need to log in before you can comment on or make changes to this bug.