Java Code-Signing, Security Prompts Fail with Developers

Why would a software company require developers to sign code, thereby ensuring a modicum of trust—but not security—and then shatter that trust by allowing signed applets to bypass their own application sandbox? Welcome to the world of Oracle and Java, where a once healthy programming language has...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-136) (ROBOT)

Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089 Multiple improper permission check issues...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-183)

Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569 , CVE-2013-2383 , CVE-2013-2384 Multiple improper permission check issues were...

UBUNTU-CVE-2013-2172

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization...

OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous...

Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...

CentOS 6 : java-1.7.0-openjdk (CESA-2013:0957)

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information...

CVE-2013-2442

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than...

JDK: unspecified sanbox bypass (CanSecWest 2013, 2D)

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own...

Security Explorations Finds Seven New Flaws in IBM SDK

Security researcher Adam Gowdiak and his team at Security Explorations have discovered another batch of issues that stem from the way Java is implemented in certain versions of software, in this case, IBM’s SDK. Gowdiak wrote Monday on the Full Disclosure mailing list about the issues, seven in...

Oracle Java SE Multiple Vulnerabilities -03 (May 2013) - Windows

Oracle Java SE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20130424)

Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569, CVE-2013-2383, CVE-2013-2384 Multiple improper permission check issues were...

Important: java-1.6.0-openjdk

Issue Overview: Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569, CVE-2013-2383, CVE-2013-2384 Multiple improper permission check...

ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...

JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than...

java security update

CentOS Errata and Security Advisory CESA-2013:0752 Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring Syst...

Immunity Canvas: JAVA_DYNAMICBINDING

Name| javaDynamicBinding ---|--- CVE| CVE-2013-2423 Exploit Pack| CANVAS Description| javaDynamicBinding Notes| CVE Name: CVE-2013-2423 VENDOR: Sun Notes: A vulnerability in MethodHandle allows to overwrite public final fields. This can be abused in order to disable Java Sandbox. The current...

OpenJDK: temporary files created with insecure permissions (JAX-WS, 8003542)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented o...

OpenJDK: ConcurrentHashMap incorrectly calls defaultReadObject() method (Libraries, 8009063)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from t...