Insecure deserialization In java-1.6.0-openjdk
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 rpm rhel5 | 1:1.6.0.0-3.1.13.1.el5_10 | ||
rpm rhel5 | 1:1.7.0.51-2.4.4.1.el5_10 | ||
rpm rhel6 | 1:1.6.0.0-3.1.13.1.el6_5 | ||
rpm rhel6 | 1:1.7.0.51-2.4.4.1.el6_5 |
Aliases
1. 2. 3.