V-072: Red Hat update for java-1.7.0-openjdk

January 18, 2013 - 6:00am

PROBLEM:

Red Hat has issued an update for java-1.7.0-openjdk.

PLATFORM:

The vulnerabilities are reported in Red Hat Enterprise Linux 5 and 6.

ABSTRACT:

Red Hat has issued an update for java-1.7.0-openjdk.

REFERENCE LINKS:

Secunia Advisory SA51858
RHSA-2013:0165-1
CVE-2012-3174
CVE-2013-0422

IMPACT ASSESSMENT:

High

DISCUSSION:

This update fixes two vulnerabilities that can be exploited by malicious people to compromise a user's system.

IMPACT:

Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

SOLUTION:

The vendor advises upgrading to the updated packages, which resolve these issues.
