SUSE-SU-2015:1689-1 Security update for icedtea-web

The Java Plugin IcedTea Web was updated to 1.5.2, fixing bugs and security issues. permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. fixed DownloadService RH1231441 Unable to read the text of the buttons of the security...

icedtea-web: multiple issues

CVE-2015-5234 unexpected permanent authorization of unsigned applets It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed...

OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions...

OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions...

Critical: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

OpenJDK: incorrect handling of phantom references (Hotspot, 8071931)

A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions...

OpenJDK: directory information leak via file chooser (Swing, 8055304)

An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

ICU: font parsing OOB read (OpenJDK 2D, 8056276)

A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...

OpenJDK: directory information leak via file chooser (Swing, 8055304)

An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)

A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions...

Unspecified Local Vulnerability in Oracle Java SE/Java SE Embedded/JRockit Hotspot Subcomponents (CNVD-2015-00564)

Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications.Oracle JRockit is a comprehensive portfolio of Java runtime solutions that includes the industry's fastest standard Java solutions. An unspecified security vulnerability in the Oracle...

Unspecified Vulnerability in Oracle Java SE Swing Subcomponent (CNVD-2015-00561)

Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability exists in the Oracle Java SE Swing subcomponent, which allows an attacker to build untrustworthy Java Web Start applications and untrustworthy Ja...

Oracle Java SE Install Subcomponent Local Arbitrary Code Execution Vulnerability

Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability exists in the Oracle Java SE Install subcomponent, which allows an attacker to build untrusted Java Web Start applications and untrusted Java...

Unspecified Vulnerability in Oracle Java SE/Java SE Embedded/JRockit JSSE Subware

Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications.Oracle JRockit is a comprehensive portfolio of Java runtime solutions that includes the industry's fastest standard Java solutions. An unspecified security vulnerability exists in the...

Unspecified Vulnerability in Oracle Java SE 2D Subpart (CNVD-2015-00577)

Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability exists in the Oracle Java SE 2D subcomponent, which allows an attacker to build untrustworthy Java Web Start applications and untrustworthy Java...

Unspecified Vulnerability in Oracle Java SE Deployment Subcomponent (CNVD-2015-00562)

Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability exists in the Oracle Java SE Deployment subcomponent, which allows an attacker to build untrustworthy Java Web Start applications and untrustwort...

Unspecified Vulnerability in Oracle Java SE Libraries Subpart (CNVD-2015-00574)

Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability exists in the Oracle Java SE Libraries subcomponent, which allows an attacker to build untrustworthy Java Web Start applications and untrustworth...

Unspecified Arbitrary Code Execution Vulnerability in Oracle Java SE Hotspot Subpart (CNVD-2015-00566)

Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability in the Oracle Java SE Hotspot subcomponent allows attackers to exploit the vulnerability to build untrustworthy Java Web Start applications and...

Unspecified Vulnerability in Oracle Java SE Libraries Subpart (CNVD-2015-00573)

Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability exists in the Oracle Java SE Libraries subcomponent, which allows an attacker to build untrustworthy Java Web Start applications and untrustworth...

Unspecified Local Vulnerability in Oracle Java SE/Java SE Embedded/JRockit Hotspot Subcomponents (CNVD-2015-00563)

Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications.Oracle JRockit is a comprehensive portfolio of Java runtime solutions that includes the industry's fastest standard Java solutions. An unspecified security vulnerability in the Oracle...