VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0838)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | April 01, 2010 | February 16, 2011 | February 13, 2015 |
Description
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.
References
- CVE-2010-0838
- APPLE-APPLE-SA-2010-05-18-1
- APPLE-APPLE-SA-2010-05-18-2
- BID-39069
- DISA_SEVERITY-Category I
- DISA_VMSKEY-V0027158
- IAVM-2011-A-0066
- OVAL-OVAL10482
- OVAL-OVAL13923
- REDHAT-RHSA-2010:0337
- REDHAT-RHSA-2010:0338
- REDHAT-RHSA-2010:0339
- REDHAT-RHSA-2010:0383
- REDHAT-RHSA-2010:0471
- URL: http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- XF-57346
Solution
vmware-esx41-upgrade-348481
Related Vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2010-0838
- Gentoo Linux: CVE-2010-0838: Oracle JRE/JDK: Multiple vulnerabilities
- SUSE Linux Security Advisory: SUSE-SR:2010:011
- RHSA-2010:0130: java-1.5.0-ibm security update
- Apple Java security update for CVE-2010-0838
- HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0838): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
- RHSA-2010:0338: java-1.5.0-sun security update
- RHSA-2010:0471: Red Hat Network Satellite Server IBM Java Runtime security update
- RHSA-2010:0339: java-1.6.0-openjdk security update
- SUSE Linux Security Advisory: SUSE-SR:2010:008
- RHSA-2010:0337: java-1.6.0-sun security update
- Cent OS: CVE-2010-0838: CESA-2010:0339 (java-1.6.0-openjdk)
- USN-923-1: OpenJDK vulnerabilities
- RHSA-2010:0383: java-1.6.0-ibm security update
- Java CPU March 2010 Java 2D vulnerability (CVE-2010-0838)