Bug 706111 (CVE-2011-0815) - CVE-2011-0815 OpenJDK: FileDialog.show() buffer overflow (AWT, 7012520)
Summary: CVE-2011-0815 OpenJDK: FileDialog.show() buffer overflow (AWT, 7012520)
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2011-0815
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: Unspecified
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-05-19 14:13 UTC by Marc Schoenefeld
Modified: 2021-02-24 15:26 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2011-06-03 13:59:58 UTC
Embargoed:

Attachments (Terms of Use)

Comment 3 Marc Schoenefeld 2011-06-03 13:59:58 UTC 
Closed as it does not affect Linux
Comment 4 Tomas Hoger 2011-06-07 11:27:29 UTC 
Statement:

Not vulnerable. This issue only affected Java versions running on Windows platform. It did not affect the versions of java-1.6.0-openjdk as shipped with Red Hat Enterprise Linux 5 and 6, and the java-1.6.0-sun packages as shipped with Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary.
Comment 5 Tomas Hoger 2011-06-07 11:34:10 UTC 
A heap-based overflow vulnerability was found in the implementation of the AWT FileDialog.show() for Microsoft Windows platform.
Comment 6 Tomas Hoger 2011-06-08 06:37:00 UTC 
Public now via Oracle CPU June 2011:
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html

Also fixed in IcedTea6 versions 1.8.8, 1.9.8 and 1.10.2:
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-June/014607.html

Patch:
http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/8d393fbff5d3/patches/security/20110607/7012520.patch
Note You need to log in before you can comment on or make changes to this bug.