
U-105: Oracle Java SE Critical Patch Update Advisory

February 16, 2012 - 11:45am

PROBLEM:

Oracle Java SE Critical Patch Update Advisory

PLATFORM:

1.4.2_35 and prior; 5.0 Update 33 and prior; 6 Update 30 and prior; 7 Update 2 and prior

ABSTRACT:

Multiple vulnerabilities were reported in Oracle Java SE. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

REFERENCE LINKS:

Oracle Java SE Critical Patch
Critical Patch Security Alerts
SecurityTracker Alert ID: 1026688
Secunia Advisory: SA48009
Red Hat advisory

IMPACT ASSESSMENT:

High

Discussion:

A remote user can send specially crafted data to execute arbitrary code on the target system or cause complete denial of service conditions. The Java 2D (CVE-2012-0497, CVE-2012-0498, CVE-2012-0499), deploy (CVE-2012-0500), and install (CVE-2012-0504) components are affected. JavaFX is also affected (CVE-2012-0508).

A remote user can partially access and modify data and partially deny service on the target system. The I18n (CVE-2012-0503) and serialization (CVE-2012-0505) components are affected.

A remote user can partially access data and partially deny service on the target system. The AWT (CVE-2012-0502) and sound (CVE-2011-3563) components are affected.

A remote user can cause partial denial of service conditions on the target system. The JRE component is affected (CVE-2012-0501).

A remote user can partially modify data on the target system. The CORBA component is affected (CVE-2012-0506).

Impact:

A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

Solution:

Red Hat has issued a fix for CVE-2011-3563, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, and CVE-2012-0506.
For more information, see Oracle Java SE Critical Patch.
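
As an added example (not part of the original bulletin), the following Python sketch classifies `java -version` strings against the PLATFORM list above, for use when triaging an inventory of installed JREs. It assumes the legacy `1.x.y_NN` version format, in which `1.6.0_30` denotes 6 Update 30; the function names and sample strings are constructed for illustration.

```python
import re

# Last affected (micro, update) per release line, from the PLATFORM list.
# Key is the minor number of the legacy "1.<minor>.<micro>_<update>" string.
LAST_AFFECTED = {
    4: (2, 35),  # 1.4.2_35 and prior
    5: (0, 33),  # 5.0 Update 33 and prior
    6: (0, 30),  # 6 Update 30 and prior
    7: (0, 2),   # 7 Update 2 and prior
}

VERSION_RE = re.compile(r'\b1\.(\d+)\.(\d+)(?:_(\d+))?')

def parse_version(text):
    """Return (minor, micro, update) from e.g. 'java version "1.6.0_30"',
    or None when no legacy-format version string is present."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    # A missing "_NN" suffix is the initial release, treated as update 0.
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def classify(text):
    """Return 'affected', 'not-listed-as-affected', or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    minor, micro, update = parsed
    limit = LAST_AFFECTED.get(minor)
    if limit is None:
        return "unknown"  # release line not covered by this bulletin
    # Tuple comparison: an older micro release, or the same micro with an
    # update number at or below the listed one, falls under "and prior".
    return "affected" if (micro, update) <= limit else "not-listed-as-affected"

# Constructed sample inventory lines (not real hosts or captured output).
SAMPLE = [
    'java version "1.6.0_30"',
    'java version "1.6.0_31"',
    'java version "1.7.0_02"',
    'java version "1.4.1_07"',
    'java version "1.5.0_34"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{classify(line):24} {line}")
```

A result of `unknown` means the string did not parse or names a release line this bulletin does not list, so it needs manual review rather than being treated as safe.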

 
