Executive Summary
Summary | |
---|---|
Title | openjdk-7 security update |
Information | |||
---|---|---|---|
Name | DSA-3235 | First vendor Publication | 2015-04-24 |
Vendor | Debian | Last vendor Modification | 2015-04-24 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. For the stable distribution (wheezy), these problems have been fixed in version 7u79-2.5.5-1~deb7u1. For the upcoming stable distribution (jessie), these problems will be fixed soon in version 7u79-2.5.5-1~deb8u1 (the update will be available shortly after the final jessie release). For the unstable distribution (sid), these problems have been fixed in version 7u79-2.5.5-1. We recommend that you upgrade your openjdk-7 packages. |
Original Source
Url : http://www.debian.org/security/2015/dsa-3235 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:28599 | |||
Oval ID: | oval:org.mitre.oval:def:28599 | ||
Title: | RHSA-2015:0806 -- java-1.7.0-openjdk security update (Critical) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2015:0806 CESA-2015:0806-CentOS 7 CESA-2015:0806-CentOS 6 CVE-2005-1080 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 7 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
Definition Id: oval:org.mitre.oval:def:29084 | |||
Oval ID: | oval:org.mitre.oval:def:29084 | ||
Title: | RHSA-2015:0807 -- java-1.7.0-openjdk security update (Important) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2015:0807 CESA-2015:0807 CVE-2005-1080 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Id: oval:org.mitre.oval:def:29136 | |||
Oval ID: | oval:org.mitre.oval:def:29136 | ||
Title: | RHSA-2015:0809 -- java-1.8.0-openjdk security update (Important) | ||
Description: | The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2015:0809 CESA-2015:0809-CentOS 7 CESA-2015:0809-CentOS 6 CVE-2005-1080 CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 7 CentOS Linux 6 | Product(s): | java-1.8.0-openjdk |
Definition Id: oval:org.mitre.oval:def:29140 | |||
Oval ID: | oval:org.mitre.oval:def:29140 | ||
Title: | RHSA-2015:0808 -- java-1.6.0-openjdk security update (Important) | ||
Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2015:0808 CESA-2015:0808-CentOS 7 CESA-2015:0808-CentOS 6 CESA-2015:0808-CentOS 5 CVE-2005-1080 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 7 CentOS Linux 6 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 | |
Application | 4 | |
Application | 1 | |
Application | 1 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201603-11.nasl - Type : ACT_GATHER_INFO |
2016-01-14 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0113-1.nasl - Type : ACT_GATHER_INFO |
2015-12-16 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2168-2.nasl - Type : ACT_GATHER_INFO |
2015-12-09 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2216-1.nasl - Type : ACT_GATHER_INFO |
2015-12-04 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2182-1.nasl - Type : ACT_GATHER_INFO |
2015-12-03 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2168-1.nasl - Type : ACT_GATHER_INFO |
2015-12-03 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2166-1.nasl - Type : ACT_GATHER_INFO |
2015-07-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3316.nasl - Type : ACT_GATHER_INFO |
2015-06-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1086-4.nasl - Type : ACT_GATHER_INFO |
2015-06-26 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1138-1.nasl - Type : ACT_GATHER_INFO |
2015-06-26 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1086-3.nasl - Type : ACT_GATHER_INFO |
2015-06-23 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1086-2.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1086-1.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1085-1.nasl - Type : ACT_GATHER_INFO |
2015-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1091.nasl - Type : ACT_GATHER_INFO |
2015-06-10 | Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_april2015_advisory.nasl - Type : ACT_GATHER_INFO |
2015-05-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1021.nasl - Type : ACT_GATHER_INFO |
2015-05-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1020.nasl - Type : ACT_GATHER_INFO |
2015-05-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1007.nasl - Type : ACT_GATHER_INFO |
2015-05-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1006.nasl - Type : ACT_GATHER_INFO |
2015-05-08 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-150419.nasl - Type : ACT_GATHER_INFO |
2015-05-07 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-517.nasl - Type : ACT_GATHER_INFO |
2015-05-01 | Name : The remote Debian host is missing a security update. File : debian_DLA-213.nasl - Type : ACT_GATHER_INFO |
2015-04-28 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-332.nasl - Type : ACT_GATHER_INFO |
2015-04-28 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-331.nasl - Type : ACT_GATHER_INFO |
2015-04-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-212.nasl - Type : ACT_GATHER_INFO |
2015-04-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3235.nasl - Type : ACT_GATHER_INFO |
2015-04-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3234.nasl - Type : ACT_GATHER_INFO |
2015-04-27 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-516.nasl - Type : ACT_GATHER_INFO |
2015-04-27 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-515.nasl - Type : ACT_GATHER_INFO |
2015-04-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2574-1.nasl - Type : ACT_GATHER_INFO |
2015-04-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2573-1.nasl - Type : ACT_GATHER_INFO |
2015-04-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0858.nasl - Type : ACT_GATHER_INFO |
2015-04-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0857.nasl - Type : ACT_GATHER_INFO |
2015-04-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0854.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0809.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0806.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0807.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0808.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0809.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_apr_2015.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_apr_2015_unix.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_apr_2015.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0807.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0806.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0808.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150415_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150415_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150415_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150415_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-04-15 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0806.nasl - Type : ACT_GATHER_INFO |
2015-04-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0807.nasl - Type : ACT_GATHER_INFO |
2015-04-15 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0809.nasl - Type : ACT_GATHER_INFO |
2015-04-15 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0808.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-11-09 21:27:10 | |
2015-04-28 13:33:34 | |
2015-04-24 21:26:41 | |