First published: Tue Apr 14 2015(Updated: )
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime<br>Environment and the OpenJDK 6 Java Software Development Kit.<br>An off-by-one flaw, leading to a buffer overflow, was found in the font<br>parsing code in the 2D component in OpenJDK. A specially crafted font file<br>could possibly cause the Java Virtual Machine to execute arbitrary code,<br>allowing an untrusted Java application or applet to bypass Java sandbox<br>restrictions. (CVE-2015-0469)<br>A flaw was found in the way the Hotspot component in OpenJDK handled<br>phantom references. An untrusted Java application or applet could use this<br>flaw to corrupt the Java Virtual Machine memory and, possibly, execute<br>arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)<br>A flaw was found in the way the JSSE component in OpenJDK parsed X.509<br>certificate options. A specially crafted certificate could cause JSSE to<br>raise an exception, possibly causing an application using JSSE to exit<br>unexpectedly. (CVE-2015-0488)<br>A flaw was discovered in the Beans component in OpenJDK. An untrusted Java<br>application or applet could use this flaw to bypass certain Java sandbox<br>restrictions. (CVE-2015-0477)<br>A directory traversal flaw was found in the way the jar tool extracted JAR<br>archive files. A specially crafted JAR archive could cause jar to overwrite<br>arbitrary files writable by the user running jar when the archive was<br>extracted. (CVE-2005-1080, CVE-2015-0480)<br>It was found that the RSA implementation in the JCE component in OpenJDK<br>did not follow recommended practices for implementing RSA signatures.<br>(CVE-2015-0478)<br>The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat<br>Product Security.<br>All users of java-1.6.0-openjdk are advised to upgrade to these updated<br>packages, which resolve these issues. All running instances of OpenJDK Java<br>must be restarted for the update to take effect.<br>
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1 | 1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1 |
redhat/java | <1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1 | 1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1 | 1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1 | 1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1 | 1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1 |
redhat/java | <1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1 | 1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1 |
redhat/java | <1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6 | 1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6 |
redhat/java | <1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6 | 1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6 |
redhat/java | <1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6 | 1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6 | 1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6 | 1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6 | 1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6 |
redhat/java | <1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6 | 1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6 |
redhat/java | <1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6 | 1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6 | 1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6 | 1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6 | 1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6 |
redhat/java | <1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6 | 1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6 |
redhat/java | <1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11 | 1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11 |
redhat/java | <1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11 | 1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11 |
redhat/java | <1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el5_11 | 1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el5_11 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el5_11 | 1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el5_11 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el5_11 | 1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el5_11 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el5_11 | 1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el5_11 |
redhat/java | <1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el5_11 | 1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el5_11 |
redhat/java | <1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el5_11 | 1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el5_11 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el5_11 | 1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el5_11 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el5_11 | 1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el5_11 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el5_11 | 1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el5_11 |
redhat/java | <1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el5_11 | 1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el5_11 |
redhat/java | <1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1 | 1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1 |
redhat/java | <1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1 | 1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1 | 1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1 | 1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1 | 1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1 |
redhat/java | <1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1 | 1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.