|Bugzilla:||642606: CVE-2010-3559 JDK unspecified vulnerability in Sound component|
The MITRE CVE dictionary describes this issue as:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux Server Supplementary (v. 5) (java-1.5.0-ibm)||RHSA-2010:0807||October 27, 2010|
|Red Hat Enterprise Linux Server Supplementary (v. 5) (java-1.6.0-sun)||RHSA-2010:0770||October 14, 2010|
|Red Hat Enterprise Linux Supplementary version 6 (java-1.5.0-ibm)||RHSA-2010:0873||November 10, 2010|
|Red Hat Enterprise Linux version 4 Extras (java-1.5.0-ibm)||RHSA-2010:0807||October 27, 2010|
|Red Hat Enterprise Linux version 4 Extras (java-1.6.0-sun)||RHSA-2010:0770||October 14, 2010|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.