CVE-2015-7810
First published: Fri Nov 22 2019(Updated: )
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Videolan Libbluray | <0.8.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Fedoraproject Fedora | =17 | |
| Fedoraproject Fedora | =18 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| debian/libbluray | 1:1.2.1-4+deb11u2 1:1.3.4-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.openwall.com/lists/oss-security/2015/10/12/7
- https://www.openwall.com/lists/oss-security/2015/10/13/6
- https://bugzilla.redhat.com/show_bug.cgi?id=959434
- https://security-tracker.debian.org/tracker/CVE-2015-7810
- http://www.openwall.com/lists/oss-security/2015/10/12/7
- http://www.securityfocus.com/bid/72769
- https://access.redhat.com/security/cve/cve-2015-7810
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810
Frequently Asked Questions
What is CVE-2015-7810?
CVE-2015-7810 is a vulnerability in the libbluray MountManager class that allows a time-of-check time-of-use (TOCTOU) race condition when expanding JAR files.
How severe is CVE-2015-7810?
CVE-2015-7810 has a severity score of 4.7, which is considered medium.
What is the affected software for CVE-2015-7810?
The affected software for CVE-2015-7810 includes libbluray package versions 1:1.1.0-1, 1:1.1.0-1+deb10u1, 1:1.2.1-4+deb11u2, and 1:1.3.4-1 on Debian systems. It also includes Videolan Libbluray versions up to 0.8.0, Redhat Enterprise Linux version 7.0, Fedora versions 17 and 18, and Debian Linux versions 8.0, 9.0, and 10.0.
How do I fix CVE-2015-7810?
To fix CVE-2015-7810, update the libbluray package to a patched version provided by the respective vendor or distribution.
Where can I find more information about CVE-2015-7810?
You can find more information about CVE-2015-7810 at the following references: [1](http://www.openwall.com/lists/oss-security/2015/10/12/7), [2](http://www.securityfocus.com/bid/72769), [3](https://access.redhat.com/security/cve/cve-2015-7810).
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- vendor/videolan
- canonical/videolan libbluray
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/17
- version/fedoraproject fedora/18
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- package-manager/debian