PROBLEM:
Red Hat has issued an update for java-1.7.0-openjdk.
PLATFORM:
The vulnerabilities are reported in Red Hat Enterprise Linux 5 and 6.
ABSTRACT:
Red Hat has issued an update for java-1.7.0-openjdk.
REFERENCE LINKS:
Secunia Advisory SA51858
RHSA-2013:0165-1
CVE-2012-3174
CVE-2013-0422
IMPACT ASSESSMENT:
High
DISCUSSION:
The update fixes two vulnerabilities that can be exploited by malicious people to compromise a user's system.
IMPACT:
Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
SOLUTION:
The vendor advises upgrading to the updated packages, which resolve these issues.