Bug 1183670 (CVE-2015-0437)
| Summary: | CVE-2015-0437 OpenJDK: code generation issue (Hotspot, 8064524) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | unspecified | CC: | dbhole, jvanek, sbaiduzh, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
A flaw was found in the way the Hotspot component in OpenJDK in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-01-26 07:42:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1179762 | ||
|
Description
Tomas Hoger
2015-01-19 12:42:53 UTC
Public now via Oracle Critical Patch Update - January 2015. Fixed in Oracle Java SE 8u31. External References: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:0069 https://rhn.redhat.com/errata/RHSA-2015-0069.html Upstream OpenJDK commit: http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/9906d432d6db This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2015:0080 https://rhn.redhat.com/errata/RHSA-2015-0080.html |