Description

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.

References

• APPLE-APPLE-SA-2010-05-18-1
• APPLE-APPLE-SA-2010-05-18-2
• BID-39069
• CVE-2010-0838
• DISA_SEVERITY-Category I
• DISA_VMSKEY-V0027158
• IAVM-2011-A-0066
• OVAL-OVAL10482
• OVAL-OVAL13923
• REDHAT-RHSA-2010:0337
• REDHAT-RHSA-2010:0338
• REDHAT-RHSA-2010:0339
• REDHAT-RHSA-2010:0383
• REDHAT-RHSA-2010:0471
• URL: http://www.vmware.com/security/advisories/VMSA-2011-0003.html
• XF-57346

Solution

Related Vulnerabilities

• SUSE Linux Security Vulnerability: CVE-2010-0838
• Gentoo Linux: CVE-2010-0838: Oracle JRE/JDK: Multiple vulnerabilities
• SUSE Linux Security Advisory: SUSE-SR:2010:011
• RHSA-2010:0130: java-1.5.0-ibm security update
• Apple Java security update for CVE-2010-0838
• HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0838): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
• RHSA-2010:0338: java-1.5.0-sun security update
• RHSA-2010:0471: Red Hat Network Satellite Server IBM Java Runtime security update
• RHSA-2010:0339: java-1.6.0-openjdk security update
• SUSE Linux Security Advisory: SUSE-SR:2010:008
• RHSA-2010:0337: java-1.6.0-sun security update
• Cent OS: CVE-2010-0838: CESA-2010:0339 (java-1.6.0-openjdk)
• USN-923-1: OpenJDK vulnerabilities
• RHSA-2010:0383: java-1.6.0-ibm security update
• Java CPU March 2010 Java 2D vulnerability (CVE-2010-0838)