CVE-2015-0469: Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via…

CVE-2015-0460 [CRITICAL] OpenJDK 6 vulnerabilities Title: OpenJDK 6 vulnerabilities Summary: Several security issues were fixed in OpenJDK 6. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480) Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478) A vulnerabilit

CVE-2015-0460 [CRITICAL] OpenJDK 7 vulnerabilities Title: OpenJDK 7 vulnerabilities Summary: Several security issues were fixed in OpenJDK 7. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480) Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478) A vulnerabilit

CVE-2015-0469 [CRITICAL] CWE-193 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. Package: icu (Red Hat Enterprise Linux 5) - Not affected Package: icu (Red Hat Enterprise Linux 6) - Not affected Package: icu (Red Hat Enterprise Linux 7) - Affected

CVE-2015-0469 [CRITICAL] CVE-2015-0469: openjdk-8 - Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows ... Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Scope: local sid: resolved (fixed in 8u45-b14-1)

CVE-2015-0469 [HIGH] GHSA-23mh-jxf4-vm3h: Unspecified vulnerability in Oracle Java SE 5 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVE-2015-0460 [CRITICAL] openjdk-7 vulnerabilities openjdk-7 vulnerabilities Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480) Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An

CVE-2015-0469 [CRITICAL] CVE-2015-0469: Unspecified vulnerability in Oracle Java SE 5 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVE-2015-0469 [CRITICAL] CVE-2015-0469 mingw-icu: ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) [fedora-all] CVE-2015-0469 mingw-icu: ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multip

CVE-2015-0469 [CRITICAL] CVE-2015-0469 mingw-icu: ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) [epel-7] CVE-2015-0469 mingw-icu: ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) [epel-7] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-

CVE-2015-0469 [CRITICAL] CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) [fedora-all] CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supporte

CVE-2015-0469 [CRITICAL] CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) An off-by-one error, leading to heap-based buffer overflow in the ICU Layout Engine ligature substitution processor. A check which was added as part of fix for CVE-2013-1569 (bug 952711) / CVE-2013-2383 (bug 952708) / CVE-2013-2384 (bug 952709) was found to contain an incorrect array boundary check. A specially crafted file could cause an application using ICU to parse untrusted font files to crash or, possibly, execute arbitrary code. The original fix was added to OpenJDK and ICU via the following commits: http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7 http://bugs.icu-project.org/trac/changeset/33535 http://bugs.icu-project.org/trac/ticket/10107 ICU code is embedded the 2D component in Ope