Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2015-4835,...

MGASA-2015-0412 Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2015-4835,...

CVE-2015-6997

The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certifica...

Design/Logic Flaw

The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certifica...

CVE-2015-6997

The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certifica...

CVE-2015-6997

CVE-2015-6997 affects Apple iOS up to 9.0.x where the X.509 certificate-trust validation did not recognize that kSecRevocationRequirePositiveResponse requires revocation checking. This allowed a MITM attacker with revoked certificate access to spoof endpoints. The issue was addressed in iOS 9.1 b...

jre8-openjdk: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

jre8-openjdk-headless: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2015:1919)

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20151021)

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,...

CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:1919)

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Important: Red Hat Security Advisory: java-1.8.0-openjdk security update

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

The vulnerability of the Mac OS X operating system, which allows attackers to carry out “man-in-the-middle” type attacks

The vulnerability of the X.509 operating system Mac OS X is related to errors in the certificate revocation process. Exploiting this vulnerability allows a malicious actor to carry out “man-in-the-middle” type attacks remotely...

CVE-2015-5894

The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked...

Design/Logic Flaw

The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked...

CVE-2015-5894

CVE-2015-5894 affects Apple OS X

CVE-2015-5894

The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked...

Apple OS X kSecRevocationRequirePositiveResponse Markup Handling Vulnerability

Apple OS X is an operating system developed by Apple Inc. The Apple OS X kSecRevocationRequirePositiveResponse flag is specified but not implemented, allowing a trust evaluation configured to request a revocation check to potentially succeed even if the revocation check fails. A local attacker...

Microsoft Revokes Leaked D-Link Certificates

Microsoft today revoked trust for the four digital certificates inadvertently leaked last week by networking gear manufacturer D-Link. Microsoft said it has modified its Certificate Trust List removing trust for the four certs, which could have been used to sign malicious code used in attacks. Th...

X (Formerly Twitter): Tweetdeck (twitter owned app) not revoked

I've noticed an issue in tweetdeck & twitter. If you try to revoke tweet deck, no matter what you do, if anyone else is logged in on your account through tweetdeck, they will still be able to use your account. This doesn't properly revoke users, so therefore I thought this as is a bug/problem e.g...