CVE-2012-3143

Published: 16 October 2012

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089.

Priority

Medium

Status

Package Release Status
icedtea-web
Launchpad, Ubuntu, Debian
Upstream Needs triage

openjdk-6
Launchpad, Ubuntu, Debian
Upstream
Released (6 update 36)
openjdk-6b18
Launchpad, Ubuntu, Debian
Upstream
Released (6 update 36)
openjdk-7
Launchpad, Ubuntu, Debian
Upstream
Released (7 update 8)
sun-java5
Launchpad, Ubuntu, Debian
Upstream Ignored
(reached end-of-life)
sun-java6
Launchpad, Ubuntu, Debian
Upstream
Released (6 update 36)

Notes

AuthorNote
mdeslaur
in lucid+, NetX and the plugin moved to the icedtea-web package
jdstrand
openjdk-6b18 FTBFS on 11.04 (LP: #1043003)
http://rhn.redhat.com/errata/RHSA-2013-1467.html states this is
Oracle JDK only, but based on Oracle advisory we claimed it was fixed in
https://usn.ubuntu.com/usn/usn-1619-1.

References

Bugs