Back to search

SUSE Linux Security Advisory: SUSE-SU-2012:1231-1

Severity CVSS Published Added Modified
10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) August 27, 2012 December 12, 2013 December 12, 2013

Available Exploits 

Description

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

  • Upgrade java-1_6_0-ibm-32bit

    Please upgrade java-1_6_0-ibm-32bit using an update manager like YaST or zypper

  • Upgrade java-1_6_0-ibm-64bit

    Please upgrade java-1_6_0-ibm-64bit using an update manager like YaST or zypper

  • Upgrade java-1_6_0-ibm-alsa-32bit

    Please upgrade java-1_6_0-ibm-alsa-32bit using an update manager like YaST or zypper

  • Upgrade java-1_6_0-ibm-alsa

    Please upgrade java-1_6_0-ibm-alsa using an update manager like YaST or zypper

  • Upgrade java-1_6_0-ibm-devel-32bit

    Please upgrade java-1_6_0-ibm-devel-32bit using an update manager like YaST or zypper

  • Upgrade java-1_6_0-ibm-devel

    Please upgrade java-1_6_0-ibm-devel using an update manager like YaST or zypper

  • Upgrade java-1_6_0-ibm-fonts

    Please upgrade java-1_6_0-ibm-fonts using an update manager like YaST or zypper

  • Upgrade java-1_6_0-ibm-jdbc

    Please upgrade java-1_6_0-ibm-jdbc using an update manager like YaST or zypper

  • Upgrade java-1_6_0-ibm-plugin-32bit

    Please upgrade java-1_6_0-ibm-plugin-32bit using an update manager like YaST or zypper

  • Upgrade java-1_6_0-ibm-plugin

    Please upgrade java-1_6_0-ibm-plugin using an update manager like YaST or zypper

  • Upgrade java-1_6_0-ibm

    Please upgrade java-1_6_0-ibm using an update manager like YaST or zypper

  • Upgrade java-1_5_0-ibm-32bit

    Please upgrade java-1_5_0-ibm-32bit using an update manager like YaST or zypper

  • Upgrade java-1_5_0-ibm-64bit

    Please upgrade java-1_5_0-ibm-64bit using an update manager like YaST or zypper

  • Upgrade java-1_5_0-ibm-alsa-32bit

    Please upgrade java-1_5_0-ibm-alsa-32bit using an update manager like YaST or zypper

  • Upgrade java-1_5_0-ibm-alsa

    Please upgrade java-1_5_0-ibm-alsa using an update manager like YaST or zypper

  • Upgrade java-1_5_0-ibm-devel-32bit

    Please upgrade java-1_5_0-ibm-devel-32bit using an update manager like YaST or zypper

  • Upgrade java-1_5_0-ibm-devel

    Please upgrade java-1_5_0-ibm-devel using an update manager like YaST or zypper

  • Upgrade java-1_5_0-ibm-fonts

    Please upgrade java-1_5_0-ibm-fonts using an update manager like YaST or zypper

  • Upgrade java-1_5_0-ibm-jdbc

    Please upgrade java-1_5_0-ibm-jdbc using an update manager like YaST or zypper

  • Upgrade java-1_5_0-ibm-plugin

    Please upgrade java-1_5_0-ibm-plugin using an update manager like YaST or zypper

  • Upgrade java-1_5_0-ibm

    Please upgrade java-1_5_0-ibm using an update manager like YaST or zypper

  • Upgrade java-1_4_2-ibm-devel

    Please upgrade java-1_4_2-ibm-devel using an update manager like YaST or zypper

  • Upgrade java-1_4_2-ibm-jdbc

    Please upgrade java-1_4_2-ibm-jdbc using an update manager like YaST or zypper

  • Upgrade java-1_4_2-ibm-plugin

    Please upgrade java-1_4_2-ibm-plugin using an update manager like YaST or zypper

  • Upgrade java-1_4_2-ibm

    Please upgrade java-1_4_2-ibm using an update manager like YaST or zypper

  • Upgrade java-1_7_0-ibm-alsa

    Please upgrade java-1_7_0-ibm-alsa using an update manager like YaST or zypper

  • Upgrade java-1_7_0-ibm-jdbc

    Please upgrade java-1_7_0-ibm-jdbc using an update manager like YaST or zypper

  • Upgrade java-1_7_0-ibm-plugin

    Please upgrade java-1_7_0-ibm-plugin using an update manager like YaST or zypper

  • Upgrade java-1_7_0-ibm

    Please upgrade java-1_7_0-ibm using an update manager like YaST or zypper

Related Vulnerabilities