13 matches found
EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2017-1028)
According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrust...
OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory...
OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory...
Critical: java-1.7.0-openjdk
Issue Overview: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Th...
OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory...
Critical: Red Hat Security Advisory: java-1.7.0-openjdk security update
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives ...
OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory...
USN-3194-1: OpenJDK 7 vulnerabilities
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3194-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3194-1 advisory. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly...
Critical: java-1.8.0-openjdk
Issue Overview: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...
OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory...
OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory...
libpng DoS via multiple out-of-bounds reads
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service crash via crafted 1 pCAL pnghandlepCAL, 2 sCAL pnghandlesCAL, 3 tEXt pngpushreadtEXt, 4 iTXt pnghandleiTXt, and 5 ztXT pnghandleztXt chunking in PNG images, which trigger...