CVE-2014-2483
First published: Tue Jul 15 2014(Updated: )
It was discovered that the Libraries component did not properly restrict the use of privileged annotations. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian Debian Linux | =7.0 | |
| Redhat Enterprise Linux | =5 | |
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Oracle JDK | =1.7.0-update60 | |
| Oracle JRE | =1.7.0-update60 | |
| Oracle OpenJDK | =1.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2014-0890.html
- https://rhn.redhat.com/errata/RHSA-2014-0889.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028584.html
- http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2014-0902.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1119626
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/60485
- http://secunia.com/advisories/60812
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://www.debian.org/security/2014/dsa-2987
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/68608
- http://www.securitytracker.com/id/1030577
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://access.redhat.com/errata/RHSA-2014:0902
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-2483
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5
- version/redhat enterprise linux/6.0
- version/redhat enterprise linux/7.0
- vendor/oracle
- canonical/oracle jdk
- version/oracle jdk/1.7.0-update60
- canonical/oracle jre
- version/oracle jre/1.7.0-update60
- canonical/oracle openjdk
- version/oracle openjdk/1.7.0