jdk8-openjdk: multiple issues

2015-10-23T00:00:00
ID ASA-201510-18
Type archlinux
Reporter Arch Linux
Modified 2015-10-23T00:00:00

Description

  • CVE-2015-4734 (information disclosure)

It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about the Kerberos configuration on the host where they were executed, bypassing certain Java sandbox restrictions.

  • CVE-2015-4803 (denial of service)

It was discovered that the JAXP component of OpenJDK did not use efficient data structures to store data from parsed XML documents. A specially-crafted XML input could cause a Java application using JAXP to use an excessive amount of CPU time by e.g. triggering hash collisions.

  • CVE-2015-4805 (arbitrary code execution)

It was discovered that the ObjectStreamClass in the Serialization component of OpenJDK failed to ensure that the object is fully initialized before allowing calls of certain methods. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions to execute code.

  • CVE-2015-4806 (improper input validation)

A vulnerability has been discovered leading to HttpURLConnection header restriction bypass, allowing remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.

  • CVE-2015-4810 (arbitrary code execution)

An unspecified vulnerability has been discovered that allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

  • CVE-2015-4835 (arbitrary code execution)

It was discovered that the StubGenerator class in the CORBA component of OpenJDK failed to generate code with all needed permission checks related to object (de-)serialization. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions and execute arbitrary code.

  • CVE-2015-4840 (information disclosure)

It was discovered that the 2D component of OpenJDK could perform out-of-bounds access and possibly disclose portions of the Java Virtual Machine memory when processing specially crafted color profiles. The issue was caused by having the bundled lcms2 code use a fast floor() implementation. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.

  • CVE-2015-4842 (information disclosure)

An information disclosure flaw was found in the JAXP component of OpenJDK. An untrusted Java application or applet could use this flaw to get information about user home directory location (the content of the "user.dir" system property), hence bypassing certain Java sandbox restrictions.

  • CVE-2015-4843 (arbitrary code execution)

Multiple integer overflow issues were found in the implementation of Buffers in the java.nio (Non-blocking I/O) packages in the Libraries component of OpenJDK. These could lead to out-of-bounds buffer access and Java Virtual Machine memory corruption. An untrusted Java application or applet could use these flaws to run arbitrary code with the Java Virtual Machine privileges or bypass Java sandbox restrictions.

  • CVE-2015-4844 (arbitrary code execution)

It was discovered that ICU Layout Engine was missing multiple boundary and error return checks. These could lead to buffer overflows and memory corruption. A specially crafted font file could cause an application using ICU to parse untrusted fonts to crash and, possibly, execute arbitrary code.

  • CVE-2015-4860 (sandbox bypass)

It was discovered that the DGCImpl (for RMI distributed garbage-collection - DGC) class in the RMI component of OpenJDK failed to use restricted access control context when processing untrusted input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

  • CVE-2015-4868 (security policy bypass)

A flaw was found in the way the Libraries component of OpenJDK handled certificate revocation lists (CRL). In certain cases, CRL checking code could fail to report that a certificate was revoked, causing the application to accept it as trusted.

  • CVE-2015-4872 (security policy bypass)

It was discovered that the AlgorithmChecker class in the Security component of OpenJDK failed to properly check if a certificate satisfies all defined constraints in certain cases. This could cause a Java application to accept an X.509 certificate which does not meet requirements of the policy defined in the java.security file.

  • CVE-2015-4881 (sandbox bypass)

It was discovered that the IIOPInputStream class in the CORBA component of OpenJDK failed to properly check object and field types during object deserialization. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

  • CVE-2015-4882 (denial of service)

A flaw was found in the way the IIOPInputStream class in the CORBA component of OpenJDK performed deserialization of String objects. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine.

  • CVE-2015-4883 (sandbox bypass)

It was discovered that the DGCClient (for RMI distributed garbage-collection - DGC) class in the RMI component of OpenJDK failed to use restricted access control context when handling JRMP (Java Remote Method Protocol) messages. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

  • CVE-2015-4893 (denial of service)

It was discovered that the JAXP component of OpenJDK did not enforce the maximum XML name limit (jdk.xml.MaxXMLNameLimit) when parsing XML files. A specially crafted XML document could cause a Java application using JAXP to consume an excessive amount of memory and CPU time when parsed.

  • CVE-2015-4901 (unknown)

An unspecified vulnerability allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

  • CVE-2015-4902 (unknown)

An unspecified vulnerability has been discovered that allows remote attackers to affect integrity via unknown vectors related to Deployment.

  • CVE-2015-4903 (sandbox bypass)

It was discovered that the RemoteObjectInvocationHandler class in the RMI component of OpenJDK did not check whether an object proxy is an instance of a proxy class and whether it uses the correct invocation handler. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions by gaining access to data that should be protected by the sandbox.

  • CVE-2015-4906 (unknown)

An unspecified vulnerability allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.

  • CVE-2015-4908 (unknown)

An unspecified vulnerability allows remote attackers to affect confidentiality via unknown vectors.

  • CVE-2015-4911 (denial of service)

It was discovered that the StAX XML parser in the JAXP component of OpenJDK could do certain DTD processing even when DTD support was disabled via the javax.xml.stream.supportDTD system property. A specially crafted XML document could cause a Java application using JAXP to consume an excessive amount of memory and CPU time when parsed.

  • CVE-2015-4916 (unknown)

An unspecified vulnerability allows remote attackers to affect confidentiality via unknown vectors.