Gentoo Linux Security Advisory 201406-32 - Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Versions less than 6.1.13.3 are affected.
090fb98b78d165daf38005d744a51c041e7041bc82e7280894ff7c9447061a32Debian Linux Security Advisory 2224-1 - Several security vulnerabilities were discovered in OpenJDK, an implementation of the Java platform.
0cc870e76e7b9179425d80a38135012547ab97647816b6a849b661b8f3907c9fMandriva Linux Security Advisory 2011-054 - Multiple vulnerabilities has been identified and fixed in java-1.6.0-openjdk. The JNLP SecurityManager in IcedTea 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. Unspecified vulnerability in the Java Runtime Environment in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. Various other issues have also been identified and addressed.
904fc941643717491978f0d993636fcedc72d278bb781afe4417e8ff6ceae8fdUbuntu Security Notice 1055-1 - It was discovered that IcedTea for Java did not properly verify signatures when handling multiply signed or partially signed JAR files, allowing an attacker to cause code to execute that appeared to come from a verified source. USN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu 9.10 and Ubuntu 10.04 LTS on all architectures, and Ubuntu 10.10 for all architectures except for the armel (ARM) architecture. This update provides the corresponding update for Ubuntu 10.10 on the armel (ARM) architecture. It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended security policy in its checkPermission method. This could allow an attacker to execute code with privileges that should have been prevented.
f46a6d7f1d829af30a54a7be6942ff2a3e75df718ac0e1ab950de5dc8d69e93aUbuntu Security Notice 1052-1 - It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended security policy in its checkPermission method. This could allow an attacker execute code with privileges that should have been prevented.
7b17cc6f05973bd79811492179b2b66c2f3275af2843ddc9ebae4ac3103af427Zero Day Initiative Advisory 11-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Java OpenJDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the IcedTea.so component. When handling the an applet the process fails to properly restrict permission of code. It is possible to create and instantiate subclasses of ClassLoader. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
963f22653942441a3c7938155483e9692215f51370ab6d366130f9a48bacaff2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed