Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871357
Category:Red Hat Local Security Checks
Title:RedHat Update for java-1.7.0-openjdk RHSA-2015:0806-01
Summary:The remote host is missing an update for the 'java-1.7.0-openjdk'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'java-1.7.0-openjdk'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)

A flaw was found in the way the Hotspot component in OpenJDK handled
phantom references. An untrusted Java application or applet could use this
flaw to corrupt the Java Virtual Machine memory and, possibly, execute
arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)

A flaw was found in the way the JSSE component in OpenJDK parsed X.509
certificate options. A specially crafted certificate could cause JSSE to
raise an exception, possibly causing an application using JSSE to exit
unexpectedly. (CVE-2015-0488)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2015-0477)

A directory traversal flaw was found in the way the jar tool extracted JAR
archive files. A specially crafted JAR archive could cause jar to overwrite
arbitrary files writable by the user running jar when the archive was
extracted. (CVE-2005-1080, CVE-2015-0480)

It was found that the RSA implementation in the JCE component in OpenJDK
did not follow recommended practices for implementing RSA signatures.
(CVE-2015-0478)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-1080
BugTraq ID: 13083
http://www.securityfocus.com/bid/13083
Bugtraq: 20050412 7a69Adv#23 - Jar tool directory transversal vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=111331593310508&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2015:212
http://www.securiteam.com/securitynews/5IP0C0AFGW.html
http://marc.info/?l=oss-security&m=127603032617644&w=2
http://marc.info/?l=oss-security&m=127602564508766&w=2
RedHat Security Advisories: RHSA-2015:0806
http://rhn.redhat.com/errata/RHSA-2015-0806.html
RedHat Security Advisories: RHSA-2015:0807
http://rhn.redhat.com/errata/RHSA-2015-0807.html
RedHat Security Advisories: RHSA-2015:0808
http://rhn.redhat.com/errata/RHSA-2015-0808.html
RedHat Security Advisories: RHSA-2015:0809
http://rhn.redhat.com/errata/RHSA-2015-0809.html
RedHat Security Advisories: RHSA-2015:0854
http://rhn.redhat.com/errata/RHSA-2015-0854.html
RedHat Security Advisories: RHSA-2015:0857
http://rhn.redhat.com/errata/RHSA-2015-0857.html
RedHat Security Advisories: RHSA-2015:0858
http://rhn.redhat.com/errata/RHSA-2015-0858.html
RedHat Security Advisories: RHSA-2015:1006
http://rhn.redhat.com/errata/RHSA-2015-1006.html
RedHat Security Advisories: RHSA-2015:1007
http://rhn.redhat.com/errata/RHSA-2015-1007.html
RedHat Security Advisories: RHSA-2015:1020
http://rhn.redhat.com/errata/RHSA-2015-1020.html
RedHat Security Advisories: RHSA-2015:1021
http://rhn.redhat.com/errata/RHSA-2015-1021.html
RedHat Security Advisories: RHSA-2015:1091
http://rhn.redhat.com/errata/RHSA-2015-1091.html
http://secunia.com/advisories/14902
Common Vulnerability Exposure (CVE) ID: CVE-2015-0460
BugTraq ID: 74097
http://www.securityfocus.com/bid/74097
Debian Security Information: DSA-3234 (Google Search)
http://www.debian.org/security/2015/dsa-3234
Debian Security Information: DSA-3235 (Google Search)
http://www.debian.org/security/2015/dsa-3235
Debian Security Information: DSA-3316 (Google Search)
http://www.debian.org/security/2015/dsa-3316
https://security.gentoo.org/glsa/201603-11
http://www.securitytracker.com/id/1032120
SuSE Security Announcement: SUSE-SU-2015:0833 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html
SuSE Security Announcement: openSUSE-SU-2015:0773 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html
SuSE Security Announcement: openSUSE-SU-2015:0774 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html
http://www.ubuntu.com/usn/USN-2573-1
http://www.ubuntu.com/usn/USN-2574-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-0469
BugTraq ID: 74072
http://www.securityfocus.com/bid/74072
SuSE Security Announcement: SUSE-SU-2015:1085 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
SuSE Security Announcement: SUSE-SU-2015:1086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
SuSE Security Announcement: SUSE-SU-2015:1138 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
SuSE Security Announcement: SUSE-SU-2015:1161 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
SuSE Security Announcement: SUSE-SU-2015:2166 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
SuSE Security Announcement: SUSE-SU-2015:2168 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
SuSE Security Announcement: SUSE-SU-2015:2182 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:2192 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
SuSE Security Announcement: SUSE-SU-2015:2216 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
SuSE Security Announcement: SUSE-SU-2016:0113 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-0477
BugTraq ID: 74119
http://www.securityfocus.com/bid/74119
Common Vulnerability Exposure (CVE) ID: CVE-2015-0478
BugTraq ID: 74147
http://www.securityfocus.com/bid/74147
http://www.securitytracker.com/id/1035517
Common Vulnerability Exposure (CVE) ID: CVE-2015-0480
BugTraq ID: 74104
http://www.securityfocus.com/bid/74104
Common Vulnerability Exposure (CVE) ID: CVE-2015-0488
BugTraq ID: 74111
http://www.securityfocus.com/bid/74111
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.