Bug 1183646 (CVE-2014-6591) - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
Summary: CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-6591
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1184811 1184812 1184813
Blocks: 957599 1179762
TreeView+ depends on / blocked
 
Reported: 2015-01-19 11:42 UTC by Tomas Hoger
Modified: 2021-02-17 05:47 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory.
Clone Of:
Environment:
Last Closed: 2015-02-24 14:30:34 UTC
Embargoed:

Attachments (Terms of Use)
OpenJDK-8 patch (2.97 KB, patch)
2015-01-19 11:49 UTC, Tomas Hoger 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0067 0 normal SHIPPED_LIVE Critical: java-1.7.0-openjdk security update 2015-01-22 02:45:27 UTC
Red Hat Product Errata RHSA-2015:0068 0 normal SHIPPED_LIVE Important: java-1.7.0-openjdk security update 2015-01-21 03:38:26 UTC
Red Hat Product Errata RHSA-2015:0069 0 normal SHIPPED_LIVE Important: java-1.8.0-openjdk security update 2015-01-22 02:38:44 UTC
Red Hat Product Errata RHSA-2015:0079 0 normal SHIPPED_LIVE Critical: java-1.7.0-oracle security update 2017-12-15 15:35:56 UTC
Red Hat Product Errata RHSA-2015:0080 0 normal SHIPPED_LIVE Critical: java-1.8.0-oracle security update 2017-12-15 15:34:38 UTC
Red Hat Product Errata RHSA-2015:0085 0 normal SHIPPED_LIVE Important: java-1.6.0-openjdk security update 2015-01-26 23:10:42 UTC
Red Hat Product Errata RHSA-2015:0086 0 normal SHIPPED_LIVE Important: java-1.6.0-sun security update 2017-12-15 15:35:12 UTC
Red Hat Product Errata RHSA-2015:0133 0 normal SHIPPED_LIVE Critical: java-1.7.1-ibm security update 2015-02-06 00:35:28 UTC
Red Hat Product Errata RHSA-2015:0134 0 normal SHIPPED_LIVE Critical: java-1.7.0-ibm security update 2015-02-06 00:34:56 UTC
Red Hat Product Errata RHSA-2015:0135 0 normal SHIPPED_LIVE Critical: java-1.6.0-ibm security update 2015-02-06 00:34:28 UTC
Red Hat Product Errata RHSA-2015:0136 0 normal SHIPPED_LIVE Important: java-1.5.0-ibm security update 2015-02-06 00:29:26 UTC
Red Hat Product Errata RHSA-2015:0263 0 normal SHIPPED_LIVE Low: Red Hat Satellite IBM Java Runtime security update 2015-02-24 18:20:04 UTC
Red Hat Product Errata RHSA-2015:0264 0 normal SHIPPED_LIVE Low: Red Hat Satellite IBM Java Runtime security update 2015-02-24 18:44:15 UTC

Description Tomas Hoger 2015-01-19 11:42:34 UTC 
A flaw was found in the way the layout component of ICU parsed font files.  A specially crafted file could cause an application using ICU to parse untrusted font files to perform an invalid memory access and possibly disclose portion of its memory.

ICU code is embedded the 2D component in OpenJDK and used by FontManager.  An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
Comment 1 Tomas Hoger 2015-01-19 11:49:12 UTC 
Created attachment 981490 [details]
OpenJDK-8 patch
Comment 2 Tomas Hoger 2015-01-20 22:10:14 UTC 
Public now via Oracle Critical Patch Update - January 2015.  Fixed in Oracle Java SE 5.0u81, 6u91, 7u75, and 8u31.

External References:

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA
Comment 3 errata-xmlrpc 2015-01-20 22:39:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2015:0068 https://rhn.redhat.com/errata/RHSA-2015-0068.html
Comment 5 errata-xmlrpc 2015-01-21 22:45:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:0069 https://rhn.redhat.com/errata/RHSA-2015-0069.html
Comment 6 errata-xmlrpc 2015-01-21 22:59:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2015:0067 https://rhn.redhat.com/errata/RHSA-2015-0067.html
Comment 7 Tomas Hoger 2015-01-22 10:15:20 UTC 
Upstream OpenJDK commits:

http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/be61bf86aee9
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/2dfb4ef6c76d
Comment 8 Tomas Hoger 2015-01-22 10:23:16 UTC 
Created mingw-icu tracking bugs for this issue:

Affects: fedora-all [bug 1184812]
Affects: epel-7 [bug 1184813]
Comment 9 Tomas Hoger 2015-01-22 10:23:19 UTC 
Created icu tracking bugs for this issue:

Affects: fedora-all [bug 1184811]
Comment 10 errata-xmlrpc 2015-01-22 21:25:02 UTC 
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2015:0080 https://rhn.redhat.com/errata/RHSA-2015-0080.html
Comment 11 errata-xmlrpc 2015-01-22 21:35:35 UTC 
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 7
  Oracle Java for Red Hat Enterprise Linux 5
  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2015:0079 https://rhn.redhat.com/errata/RHSA-2015-0079.html
Comment 12 Tomas Hoger 2015-01-26 14:53:07 UTC 
This issue was fixed in IcedTea6 1.13.6 and IcedTea7 2.5.4:

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-January/030488.html
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-January/030469.html
Comment 13 errata-xmlrpc 2015-01-26 17:28:46 UTC 
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 7
  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 5

Via RHSA-2015:0086 https://rhn.redhat.com/errata/RHSA-2015-0086.html
Comment 14 errata-xmlrpc 2015-01-26 18:12:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2015:0085 https://rhn.redhat.com/errata/RHSA-2015-0085.html
Comment 16 errata-xmlrpc 2015-02-05 19:30:39 UTC 
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2015:0136 https://rhn.redhat.com/errata/RHSA-2015-0136.html
Comment 17 errata-xmlrpc 2015-02-05 19:36:11 UTC 
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2015:0135 https://rhn.redhat.com/errata/RHSA-2015-0135.html
Comment 18 errata-xmlrpc 2015-02-05 19:36:55 UTC 
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2015:0134 https://rhn.redhat.com/errata/RHSA-2015-0134.html
Comment 19 errata-xmlrpc 2015-02-05 19:37:45 UTC 
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 7
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2015:0133 https://rhn.redhat.com/errata/RHSA-2015-0133.html
Comment 20 errata-xmlrpc 2015-02-24 13:21:01 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite Server v 5.7

Via RHSA-2015:0263 https://rhn.redhat.com/errata/RHSA-2015-0263.html
Comment 21 errata-xmlrpc 2015-02-24 13:46:11 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite Server v 5.6

Via RHSA-2015:0264 https://rhn.redhat.com/errata/RHSA-2015-0264.html
Comment 22 Tomas Hoger 2015-03-09 12:56:53 UTC 
(In reply to Tomas Hoger from comment #7)
> Upstream OpenJDK commits:
> 
> http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/be61bf86aee9
> http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/2dfb4ef6c76d

ICU upstream commit:

http://bugs.icu-project.org/trac/changeset/37086
Comment 23 Fedora Update System 2015-03-22 04:41:40 UTC 
icu-50.1.2-11.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 24 Fedora Update System 2015-04-02 15:35:37 UTC 
icu-52.1-5.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 25 Fedora Update System 2015-09-24 05:10:27 UTC 
icu-54.1-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 26 Fedora Update System 2015-10-13 17:03:03 UTC 
icu-54.1-4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.