Bug 1211543 (CVE-2015-0488) - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-0488
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1209063
 
Reported: 2015-04-14 09:37 UTC by Tomas Hoger
Modified: 2019-09-29 13:31 UTC (History)

Fixed In Version: IcedTea6 1.13.7, IcedTea7 2.5.5
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly.
Clone Of:
Environment:
Last Closed: 2015-05-20 20:39:34 UTC




Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0806 normal SHIPPED_LIVE Critical: java-1.7.0-openjdk security update 2015-04-15 20:54:17 UTC
Red Hat Product Errata RHSA-2015:0807 normal SHIPPED_LIVE Important: java-1.7.0-openjdk security update 2015-04-15 00:18:32 UTC
Red Hat Product Errata RHSA-2015:0808 normal SHIPPED_LIVE Important: java-1.6.0-openjdk security update 2015-04-15 20:44:55 UTC
Red Hat Product Errata RHSA-2015:0809 normal SHIPPED_LIVE Important: java-1.8.0-openjdk security update 2015-04-15 19:15:09 UTC
Red Hat Product Errata RHSA-2015:0854 normal SHIPPED_LIVE Critical: java-1.8.0-oracle security update 2017-12-15 15:34:03 UTC
Red Hat Product Errata RHSA-2015:0857 normal SHIPPED_LIVE Critical: java-1.7.0-oracle security update 2017-12-15 15:35:29 UTC
Red Hat Product Errata RHSA-2015:0858 normal SHIPPED_LIVE Important: java-1.6.0-sun security update 2017-12-15 15:32:13 UTC
Red Hat Product Errata RHSA-2015:1006 normal SHIPPED_LIVE Critical: java-1.6.0-ibm security update 2015-05-13 17:34:08 UTC
Red Hat Product Errata RHSA-2015:1007 normal SHIPPED_LIVE Critical: java-1.7.0-ibm security update 2015-05-13 17:33:04 UTC
Red Hat Product Errata RHSA-2015:1020 normal SHIPPED_LIVE Critical: java-1.7.1-ibm security update 2015-05-20 23:05:51 UTC
Red Hat Product Errata RHSA-2015:1021 normal SHIPPED_LIVE Important: java-1.5.0-ibm security update 2015-05-20 22:36:22 UTC
Red Hat Product Errata RHSA-2015:1091 normal SHIPPED_LIVE Low: Red Hat Satellite IBM Java Runtime security update 2015-06-11 17:21:29 UTC

Description Tomas Hoger 2015-04-14 09:37:23 UTC
A flaw was found in the way the JSSE (Java Secure Socket Extension) component in OpenJDK parsed X.509 certificate options.  A specially-crafted certificate could cause JSSE to raise an unexpected exception, possibly causing an application using JSSE to exit unexpectedly.

Comment 1 Tomas Hoger 2015-04-14 19:45:37 UTC
Public now via Oracle Critical Patch Update - April 2015.  Fixed in Oracle Java SE 6u95, 7u79, and 8u45.

External References:

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA

Comment 2 errata-xmlrpc 2015-04-14 20:19:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2015:0807 https://rhn.redhat.com/errata/RHSA-2015-0807.html

Comment 3 errata-xmlrpc 2015-04-15 15:16:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2015:0809 https://rhn.redhat.com/errata/RHSA-2015-0809.html

Comment 4 errata-xmlrpc 2015-04-15 16:58:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2015:0808 https://rhn.redhat.com/errata/RHSA-2015-0808.html

Comment 5 errata-xmlrpc 2015-04-15 16:58:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2015:0806 https://rhn.redhat.com/errata/RHSA-2015-0806.html

Comment 7 errata-xmlrpc 2015-04-17 10:29:31 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 7
  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2015:0854 https://rhn.redhat.com/errata/RHSA-2015-0854.html

Comment 8 errata-xmlrpc 2015-04-20 14:08:56 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 5
  Oracle Java for Red Hat Enterprise Linux 7
  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2015:0857 https://rhn.redhat.com/errata/RHSA-2015-0857.html

Comment 9 errata-xmlrpc 2015-04-20 14:28:41 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 5
  Oracle Java for Red Hat Enterprise Linux 7
  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2015:0858 https://rhn.redhat.com/errata/RHSA-2015-0858.html

Comment 10 errata-xmlrpc 2015-05-13 13:34:03 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2015:1007 https://rhn.redhat.com/errata/RHSA-2015-1007.html

Comment 11 errata-xmlrpc 2015-05-13 13:35:39 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2015:1006 https://rhn.redhat.com/errata/RHSA-2015-1006.html

Comment 12 errata-xmlrpc 2015-05-20 18:36:53 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2015:1021 https://rhn.redhat.com/errata/RHSA-2015-1021.html

Comment 13 errata-xmlrpc 2015-05-20 19:06:26 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 7

Via RHSA-2015:1020 https://rhn.redhat.com/errata/RHSA-2015-1020.html

Comment 14 errata-xmlrpc 2015-06-11 13:22:03 UTC
This issue has been addressed in the following products:

  Red Hat Satellite Server v 5.6
  Red Hat Satellite Server v 5.7

Via RHSA-2015:1091 https://rhn.redhat.com/errata/RHSA-2015-1091.html

