Vulnerability in 2D component related to font actions The following bugs were fixed: There is no known workaround at this time. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. This includes the possibility of remote execution of arbitrary code, information disclosure, or Denial of Service. CompletionFailure thrown when calling FieldDoc. Debian Local Security Checks. Comment 3 Agostino Sarubbo
Better attributes processing - S F5 Networks Local Security Checks.
Maintainer sorace cleanup. All running instances of IBM Java must be restarted for the update to take effect. Add MD5 to jdk.
Oracle jdk 7u91
From Red Hat Security Advisory Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.

An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. The use of MD5 can be re-enabled by removing MD5 from the jdk.
It is, therefore, affected by multiple vulnerabilities: Wrong changes were pushed with - S Vulnerability in 2D component related to font actions Includes the following fixes from the October update: Remote attackers may remotely execute arbitrary code, compromise information, or cause Denial of Service.
Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. A remote user can exploit a flaw in the JavaFX component to partially access data.
A man-in-the-middle attacker, by triggering collisions, could exploit this issue to spoof servers.
More general limits - S An unspecified vulnerability related to the Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact - CVE Comment 7 Aaron Bauman A specially crafted font file could cause an application using ICU to parse untrusted fonts to crash and, possibly, execute arbitrary code. Amazon Linux Local Security Checks. A remote user can exploit a flaw in the Embedded 2D component to partially access data - CVE An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code.
Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component. Fortunately arm 64 shares the same version as the others now. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to expose sensitive information.
Oracle Java SE 6u/7u91/8u66 2D memory corruption
Comment 4 James Le Cuirot A remote user can exploit a flaw in the Embedded Serialization component to gain elevated privileges - CVE This update also disallows the use of the MD5 hash algorithm in the certification path processing.
A man-in-the-middle attacker can exploit this, via a transcript collision attack, to impersonate a TLS server.

Arrange font actions. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. Ubuntu Local Security Checks. CompletionFailure thrown when calling FieldDoc.