OracleCVELIST:CVE-2013-5893CVE-2013-5893
Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to improper handling of methods in MethodHandles in HotSpot JVM, which allows attackers to escape the sandbox.
References
hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/839100e42498
lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
marc.info/?l=bugtraq&m=139402697611681&w=2
osvdb.org/102000
rhn.redhat.com/errata/RHSA-2014-0026.html
rhn.redhat.com/errata/RHSA-2014-0027.html
rhn.redhat.com/errata/RHSA-2014-0030.html
secunia.com/advisories/56432
secunia.com/advisories/56485
secunia.com/advisories/56486
secunia.com/advisories/56535
www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
www.securityfocus.com/bid/64758
www.securityfocus.com/bid/64863
www.securitytracker.com/id/1029608
www.ubuntu.com/usn/USN-2089-1
bugzilla.redhat.com/show_bug.cgi?id=1051549
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
Related
