CVE-2012-0507
Published: 24 February 2012
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Notes
| Author | Note |
|---|---|
| mdeslaur | in natty+, NetX and the plugin moved to the icedtea-web package |
| sbeattie | initially, oracle misidentified this as CVE-2011-3571; changelogs refer to that CVE instead of this one. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
icedtea-web Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| maverick |
Does not exist
|
|
| natty |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
openjdk-6 Launchpad, Ubuntu, Debian |
hardy |
Released
(6b27-1.12.3-0ubuntu1~08.04.1)
|
| lucid |
Released
(6b20-1.9.13-0ubuntu1~10.04.1)
|
|
| maverick |
Released
(6b20-1.9.13-0ubuntu1~10.10.1)
|
|
| natty |
Released
(6b22-1.10.6-0ubuntu1)
|
|
| oneiric |
Released
(6b23~pre11-0ubuntu1.11.10.2)
|
|
| precise |
Not vulnerable
(6b24-1.11.1-0ubuntu1)
|
|
| quantal |
Not vulnerable
(6b24-1.11.1-0ubuntu1)
|
|
| upstream |
Needs triage
|
|
|
openjdk-6b18 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(6b18-1.8.13-0ubuntu1~10.04.1)
|
|
| maverick |
Released
(6b18-1.8.13-0ubuntu1~10.10.1)
|
|
| natty |
Released
(6b18-1.8.13-0ubuntu1~11.04.1)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
openjdk-7 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Released
(7u9-2.3.3-0ubuntu1~11.10.1)
|
|
| precise |
Not vulnerable
(7~u3-2.1-1ubuntu1)
|
|
| quantal |
Not vulnerable
(7~u3-2.1-1ubuntu1)
|
|
| upstream |
Needs triage
|
|
|
sun-java5 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
sun-java6 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Does not exist
(removed from archive)
|
|
| maverick |
Does not exist
(removed from archive)
|
|
| natty |
Does not exist
(removed from archive)
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| upstream |
Needs triage
|