First published: Tue Jul 14 2015(Updated: )
An unspecified flaw was found in the Libraries component in OpenJDK. ObjectInputStream's readSerialData() could, in certain cases, incorrectly perform deserialization of data from serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle JDK | =1.6.0-update95 | |
Oracle JDK | =1.7.0-update75 | |
Oracle JDK | =1.7.0-update80 | |
Oracle JDK | =1.8.0-update_33 | |
Oracle JDK | =1.8.0-update45 | |
Oracle JRE | =1.6.0-update_95 | |
Oracle JRE | =1.7.0-update_75 | |
Oracle JRE | =1.7.0-update_80 | |
Oracle JRE | =1.8.0-update_33 | |
Oracle JRE | =1.8.0-update_45 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =15.04 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
SUSE Linux Enterprise Debuginfo | =11-sp3 | |
SUSE Linux Enterprise Debuginfo | =11-sp4 | |
openSUSE openSUSE | =13.1 | |
openSUSE openSUSE | =13.2 | |
SUSE Linux Enterprise Desktop | =11-sp3 | |
SUSE Linux Enterprise Desktop | =11-sp4 | |
SUSE Linux Enterprise Desktop | =12 | |
SUSE Linux Enterprise Server | =12 | |
Redhat Satellite | =5.6 | |
Redhat Satellite | =5.7 | |
Redhat Enterprise Linux Desktop | =5.0 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Eus | =6.6 | |
Redhat Enterprise Linux Eus | =6.7 | |
Redhat Enterprise Linux Eus | =7.1 | |
Redhat Enterprise Linux Eus | =7.2 | |
Redhat Enterprise Linux Eus | =7.3 | |
Redhat Enterprise Linux Eus | =7.4 | |
Redhat Enterprise Linux Eus | =7.5 | |
Redhat Enterprise Linux For Ibm Z Systems | =6.0_s390x | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =6.7_s390x | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =7.1_s390x | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =7.2_s390x | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =7.3_s390x | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =7.4_s390x | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =7.5_s390x | |
Redhat Enterprise Linux For Power Big Endian | =6.0_ppc64 | |
Redhat Enterprise Linux For Power Big Endian | =7.0_ppc64 | |
Redhat Enterprise Linux For Power Big Endian Eus | =6.7_ppc64 | |
Redhat Enterprise Linux For Power Big Endian Eus | =7.1_ppc64 | |
Redhat Enterprise Linux For Power Big Endian Eus | =7.2_ppc64 | |
Redhat Enterprise Linux For Power Big Endian Eus | =7.3_ppc64 | |
Redhat Enterprise Linux For Power Big Endian Eus | =7.4_ppc64 | |
Redhat Enterprise Linux For Power Big Endian Eus | =7.5_ppc64 | |
Redhat Enterprise Linux For Power Little Endian | =7.0_ppc64le | |
Redhat Enterprise Linux For Power Little Endian Eus | =7.1_ppc64le | |
Redhat Enterprise Linux For Power Little Endian Eus | =7.2_ppc64le | |
Redhat Enterprise Linux For Power Little Endian Eus | =7.3_ppc64le | |
Redhat Enterprise Linux For Power Little Endian Eus | =7.4_ppc64le | |
Redhat Enterprise Linux For Power Little Endian Eus | =7.5_ppc64le | |
Redhat Enterprise Linux Server | =5.0 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =6.6 | |
Redhat Enterprise Linux Server Aus | =7.3 | |
Redhat Enterprise Linux Server Aus | =7.4 | |
Redhat Enterprise Linux Server Aus | =7.6 | |
Redhat Enterprise Linux Server Aus | =7.7 | |
Redhat Enterprise Linux Server Tus | =6.6 | |
Redhat Enterprise Linux Server Tus | =7.3 | |
Redhat Enterprise Linux Server Tus | =7.6 | |
Redhat Enterprise Linux Server Tus | =7.7 | |
Redhat Enterprise Linux Workstation | =5.0 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Oracle Java SE | ||
debian/openjdk-8 | 8u432-b06-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2015-2590 is critical with a severity value of 10.
Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 are affected by CVE-2015-2590.
Remote attackers can exploit CVE-2015-2590 to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
You can find more information about CVE-2015-2590 on the Oracle website and the Trend Micro blog.
Apply the patches provided by Oracle and ensure that you are using the latest version of Oracle Java SE or Java SE Embedded.