
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Update for java-1.7.0-openjdk RHSA-2015:0806-01
Summary: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the referenced advisory.

Vulnerability Insight:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)

A flaw was found in the way the Hotspot component in OpenJDK handled
phantom references. An untrusted Java application or applet could use this
flaw to corrupt the Java Virtual Machine memory and, possibly, execute
arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)

A flaw was found in the way the JSSE component in OpenJDK parsed X.509
certificate options. A specially crafted certificate could cause JSSE to
raise an exception, possibly causing an application using JSSE to exit
unexpectedly. (CVE-2015-0488)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2015-0477)

A directory traversal flaw was found in the way the jar tool extracted JAR
archive files. A specially crafted JAR archive could cause jar to overwrite
arbitrary files writable by the user running jar when the archive was
extracted. (CVE-2005-1080, CVE-2015-0480)

It was found that the RSA implementation in the JCE component in OpenJDK
did not follow recommended practices for implementing RSA signatures.
(CVE-2015-0478)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Please install the updated packages.

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2005-1080
BugTraq ID: 13083
Bugtraq: 20050412 7a69Adv#23 - Jar tool directory transversal vulnerability
RedHat Security Advisories: RHSA-2015:0806
RedHat Security Advisories: RHSA-2015:0807
RedHat Security Advisories: RHSA-2015:0808
RedHat Security Advisories: RHSA-2015:0809
RedHat Security Advisories: RHSA-2015:0854
RedHat Security Advisories: RHSA-2015:0857
RedHat Security Advisories: RHSA-2015:0858
RedHat Security Advisories: RHSA-2015:1006
RedHat Security Advisories: RHSA-2015:1007
RedHat Security Advisories: RHSA-2015:1020
RedHat Security Advisories: RHSA-2015:1021
RedHat Security Advisories: RHSA-2015:1091
Common Vulnerability Exposure (CVE) ID: CVE-2015-0460
BugTraq ID: 74097
Debian Security Information: DSA-3234
Debian Security Information: DSA-3235
Debian Security Information: DSA-3316
SuSE Security Announcement: SUSE-SU-2015:0833
SuSE Security Announcement: openSUSE-SU-2015:0773
SuSE Security Announcement: openSUSE-SU-2015:0774
Common Vulnerability Exposure (CVE) ID: CVE-2015-0469
BugTraq ID: 74072
SuSE Security Announcement: SUSE-SU-2015:1085
SuSE Security Announcement: SUSE-SU-2015:1086
SuSE Security Announcement: SUSE-SU-2015:1138
SuSE Security Announcement: SUSE-SU-2015:1161
SuSE Security Announcement: SUSE-SU-2015:2166
SuSE Security Announcement: SUSE-SU-2015:2168
SuSE Security Announcement: SUSE-SU-2015:2182
SuSE Security Announcement: SUSE-SU-2015:2192
SuSE Security Announcement: SUSE-SU-2015:2216
SuSE Security Announcement: SUSE-SU-2016:0113
Common Vulnerability Exposure (CVE) ID: CVE-2015-0477
BugTraq ID: 74119
Common Vulnerability Exposure (CVE) ID: CVE-2015-0478
BugTraq ID: 74147
Common Vulnerability Exposure (CVE) ID: CVE-2015-0480
BugTraq ID: 74104
Common Vulnerability Exposure (CVE) ID: CVE-2015-0488
BugTraq ID: 74111
Copyright: Copyright (C) 2015 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.