
java: two vulnerabilities

Package(s): java-1.8.0-openjdk
CVE #(s): CVE-2015-2659 CVE-2015-3149
Created: July 15, 2015
Updated: July 21, 2015
Description: From the Red Hat advisory:

It was discovered that the GCM (Galois Counter Mode) implementation in the Security component of OpenJDK failed to properly perform a null check. This could cause the Java Virtual Machine to crash when an application performed encryption using a block cipher in the GCM mode. (CVE-2015-2659)

Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. Note: This issue was originally fixed as CVE-2015-0383, but the fix was regressed in the RHSA-2015:0809 advisory. (CVE-2015-3149)

Alerts:
Gentoo 201603-11 oracle-jre-bin 2016-03-12
openSUSE openSUSE-SU-2015:1289-1 java-1_8_0-openjdk 2015-07-26
Mageia MGASA-2015-0280 java-1.8.0-openjdk 2015-07-27
Red Hat RHSA-2015:1241-01 java-1.8.0-oracle 2015-07-17
Scientific Linux SLSA-2015:1228-1 java-1.8.0-openjdk 2015-07-15
CentOS CESA-2015:1228 java-1.8.0-openjdk 2015-07-15
Red Hat RHSA-2015:1228-01 java-1.8.0-openjdk 2015-07-15



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds