CVE-2014-6591
Published 2015-01-21
Severity: low · 2.6 · CVSS 3.1
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
Affected (12 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | icu | < icu 52.1-7 (bookworm) | icu 52.1-7 (bookworm) |
| debian | icu | < icu 52.1-7.1 (bookworm) | icu 52.1-7.1 (bookworm) |
| debian | openjdk-8 | < icu 52.1-7 (bookworm) | icu 52.1-7 (bookworm) |
| debian | openjdk-8 | < icu 52.1-7.1 (bookworm) | icu 52.1-7.1 (bookworm) |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 2.6 | LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N |
| osv | 10.0 | CRITICAL | — |
GHSA
GHSA-mr97-jqw9-fp77: Unspecified vulnerability in Oracle Java SE 5
CVE-2014-6585 [LOW] · ghsa_unreviewed · 2022-05-13 · CVSS 2.6
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.
GHSA
GHSA-7hw8-8c2x-83rg: Unspecified vulnerability in the Java SE component in Oracle Java SE 5
CVE-2014-6591 [LOW] · ghsa_unreviewed · 2022-05-13 · CVSS 2.6
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
OSV
icu vulnerabilities
CVE-2013-1569 [CRITICAL] · osv · 2015-03-05 · CVSS 10.0
It was discovered that ICU incorrectly handled memory operations when
processing fonts. If an application using ICU processed crafted data, an
attacker could cause it to crash or potentially execute arbitrary code with
the privileges of the user invoking the program. This issue only affected
Ubuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,
CVE-2013-2419)
It was discovered that ICU incorrectly handled memory operations when
processing fonts. If an application using ICU processed crafted data, an
attacker could cause it to crash or potentially execute arbitrary code with
the privileges of the user invoking the program. (CVE-2014-6585,
CVE-2014-6591)
It was discovered that ICU incorrectly handled memory operations when
processing regular expressions. If a
OSV
openjdk-7 vulnerabilities
CVE-2014-3566 [LOW] · osv · 2015-01-28 · CVSS 3.4
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395,
CVE-2015-0408, CVE-2015-0412)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400,
CVE-2015-0407)
A vulnerability was discovered in the OpenJDK JRE related to
information disclosure and integrity. An attacker could exploit this to
expose sensitive data over the network. (CVE-2014-6593)
A vulnerability was discovere
OSV
CVE-2014-6591: Unspecified vulnerability in the Java SE component in Oracle Java SE 5
CVE-2014-6591 [LOW] · osv · 2015-01-21 · CVSS 2.6
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
OSV
CVE-2014-6585: Unspecified vulnerability in Oracle Java SE 5
CVE-2014-6585 [LOW] · osv · 2015-01-21 · CVSS 2.6
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.
Ubuntu
ICU vulnerabilities
CVE-2013-1569 [CRITICAL] · vendor_ubuntu · 2015-03-10 · CVSS 10.0
Summary: ICU could be made to crash or run programs as your login if it processed
specially crafted data.
USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font
patches caused a regression when using LibreOffice Calc. The patches have
now been updated to fix the regression.
We apologize for the inconvenience.
Original advisory details:
It was discovered that ICU incorrectly handled memory operations when
processing fonts. If an application using ICU processed crafted data, an
attacker could cause it to crash or potentially execute arbitrary code with
the privileges of the user invoking the program. This issue only affected
Ubuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,
CVE-2013-2419)
It was discovered that ICU incorrectly ha
Ubuntu
ICU regression
[CRITICAL] · vendor_ubuntu · 2015-03-06 · CVSS 10.0
Summary: USN-2522-1 introduced a regression in ICU.
USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font
patches caused a regression when using LibreOffice Calc. The patches have
been temporarily backed out until the regression is investigated.
We apologize for the inconvenience.
Original advisory details:
It was discovered that ICU incorrectly handled memory operations when
processing fonts. If an application using ICU processed crafted data, an
attacker could cause it to crash or potentially execute arbitrary code with
the privileges of the user invoking the program. This issue only affected
Ubuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,
CVE-2013-2419)
It was discovered that ICU incorrectly handled memory operations when
proc
Ubuntu
ICU vulnerabilities
CVE-2013-1569 [CRITICAL] · vendor_ubuntu · 2015-03-05 · CVSS 10.0
Summary: ICU could be made to crash or run programs as your login if it processed
specially crafted data.
It was discovered that ICU incorrectly handled memory operations when
processing fonts. If an application using ICU processed crafted data, an
attacker could cause it to crash or potentially execute arbitrary code with
the privileges of the user invoking the program. This issue only affected
Ubuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,
CVE-2013-2419)
It was discovered that ICU incorrectly handled memory operations when
processing fonts. If an application using ICU processed crafted data, an
attacker could cause it to crash or potentially execute arbitrary code with
the privileges of the user invoking the program. (CVE-2014-6585,
CVE-2014
Ubuntu
OpenJDK 7 vulnerabilities
CVE-2014-3566 [LOW] · vendor_ubuntu · 2015-01-28 · CVSS 3.4
Summary: Several security issues were fixed in OpenJDK 7.
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395,
CVE-2015-0408, CVE-2015-0412)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400,
CVE-2015-0407)
A vulnerability was discovered in the OpenJDK JRE related to
information disclosure and integrity. An attacker could exploit this to
expose sensitive dat
Ubuntu
OpenJDK 6 vulnerabilities
CVE-2014-3566 [LOW] · vendor_ubuntu · 2015-01-27 · CVSS 3.4
Summary: Several security issues were fixed in OpenJDK 6.
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395,
CVE-2015-0408, CVE-2015-0412)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400,
CVE-2015-0407)
A vulnerability was discovered in the OpenJDK JRE related to
information disclosure and integrity. An attacker could exploit this to
expose sensitive dat
Red Hat
ICU: font parsing OOB read (OpenJDK 2D, 8056276)
CVE-2014-6591 [LOW] · CWE-125 · vendor_redhat · 2015-01-20 · CVSS 2.6
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory.
Package: icu (Red Hat Enterprise Linux 5) - Will not fix
Package: icu (Red Hat Enterprise Linux 6) - Will not fix
Package: icu (Red Hat Enterprise Linux 7) - Will not fix
Package: java-1.8.0-openjdk (Red Hat Enterprise Linux 7) - Not affected
Package: java-1.8.0-oracle (Red Hat Enterpri
Red Hat
ICU: font parsing OOB read (OpenJDK 2D, 8055489)
CVE-2014-6585 [LOW] · CWE-125 · vendor_redhat · 2015-01-20 · CVSS 2.6
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.
A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory.
Package: icu (Red Hat Enterprise Linux 5) - Will not fix
Package: icu (Red Hat Enterprise Linux 6) - Will not fix
Package: icu (Red Hat Enterprise Linux 7) - Will not fix
Package: java-1.8.0-openjdk (Red Hat Enterprise Linux 7) - Not affected
Package: java-1.8.0-oracle (Red Hat Enterprise Linux 7) - Not affecte
Debian
CVE-2014-6591: icu - Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u8...
CVE-2014-6591 [LOW] · vendor_debian · 2014 · CVSS 2.6
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
Scope: local
bookworm: resolved (fixed in 52.1-7)
bullseye: resolved (fixed in 52.1-7)
forky: resolved (fixed in 52.1-7)
sid: resolved (fixed in 52.1-7)
trixie: resolved (fixed in 52.1-7)
Debian
CVE-2014-6585: icu - Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows ...
CVE-2014-6585 [LOW] · vendor_debian · 2014 · CVSS 2.6
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.
Scope: local
bookworm: resolved (fixed in 52.1-7.1)
bullseye: resolved (fixed in 52.1-7.1)
forky: resolved (fixed in 52.1-7.1)
sid: resolved (fixed in 52.1-7.1)
trixie: resolved (fixed in 52.1-7.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-6591 CVE-2014-6585 mingw-icu: various flaws [fedora-all]
CVE-2014-6591 [LOW] · bugzilla · 2015-01-22 · CVSS 2.6
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. Whil
Bugzilla
CVE-2014-6591 CVE-2014-6585 mingw-icu: various flaws [epel-7]
CVE-2014-6591 [LOW] · bugzilla · 2015-01-22 · CVSS 2.6
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-icu: see blocks bug list for full det
Bugzilla
CVE-2014-6591 CVE-2014-6585 icu: various flaws [fedora-all]
CVE-2014-6591 [LOW] · bugzilla · 2015-01-22 · CVSS 2.6
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
Bugzilla
CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
CVE-2014-6591 [LOW] · bugzilla · 2015-01-19 · CVSS 2.6
A flaw was found in the way the layout component of ICU parsed font files. A specially crafted file could cause an application using ICU to parse untrusted font files to perform an invalid memory access and possibly disclose portions of its memory.
ICU code is embedded in the 2D component in OpenJDK and used by FontManager. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
Discussion:
Created attachment 981490
OpenJDK-8 patch
---
Public now via Oracle Critical Patch Update - January 2015. Fixed in Oracle Java SE 5.0u81, 6u91, 7u75, and 8u31.
External References:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA
---
This issue has b
References
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html
http://marc.info/?l=bugtraq&m=142496355704097&w=2
http://marc.info/?l=bugtraq&m=142607790919348&w=2
http://rhn.redhat.com/errata/RHSA-2015-0068.html
http://rhn.redhat.com/errata/RHSA-2015-0079.html
http://rhn.redhat.com/errata/RHSA-2015-0080.html
http://rhn.redhat.com/errata/RHSA-2015-0085.html
http://rhn.redhat.com/errata/RHSA-2015-0086.html
http://rhn.redhat.com/errata/RHSA-2015-0136.html
http://rhn.redhat.com/errata/RHSA-2015-0264.html
http://www.debian.org/security/2015/dsa-3144
http://www.debian.org/security/2015/dsa-3147
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.securityfocus.com/bid/72175
http://www.securitytracker.com/id/1031580
http://www.ubuntu.com/usn/USN-2486-1
http://www.ubuntu.com/usn/USN-2487-1
http://www.vmware.com/security/advisories/VMSA-2015-0003.html
https://security.gentoo.org/glsa/201507-14
https://security.gentoo.org/glsa/201603-14
https://www-304.ibm.com/support/docview.wss?uid=swg21695474