Insufficient data authenticity validation In java-1.6.0-openjdk
Description
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 rpm rhel5 | 1:1.6.0.0-3.1.13.1.el5_10 | ||
rpm rhel5 | 1:1.7.0.51-2.4.4.1.el5_10 | ||
rpm rhel6 | 1:1.7.0.51-2.4.4.1.el6_5 | ||
rpm rhel6 | 1:1.6.0.0-3.1.13.1.el6_5 |
Aliases
1. 2. 3.