You are here
Home > Preporuke > Nadogradnja za java-1.7.0-openjdk

Nadogradnja za java-1.7.0-openjdk

  • Detalji os-a: LMV
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LMV

Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2015:212

Package : java-1.7.0-openjdk
Date : April 27, 2015
Affected: Business Server 1.0

Problem Description:

Updated java-1.7.0 packages fix security vulnerabilities:

An off-by-one flaw, leading to a buffer overflow, was found in the
font parsing code in the 2D component in OpenJDK. A specially crafted
font file could possibly cause the Java Virtual Machine to execute
arbitrary code, allowing an untrusted Java application or applet to
bypass Java sandbox restrictions (CVE-2015-0469).

A flaw was found in the way the Hotspot component in OpenJDK
handled phantom references. An untrusted Java application or applet
could use this flaw to corrupt the Java Virtual Machine memory and,
possibly, execute arbitrary code, bypassing Java sandbox restrictions

A flaw was found in the way the JSSE component in OpenJDK parsed X.509
certificate options. A specially crafted certificate could cause JSSE
to raise an exception, possibly causing an application using JSSE to
exit unexpectedly (CVE-2015-0488).

A flaw was discovered in the Beans component in OpenJDK. An untrusted
Java application or applet could use this flaw to bypass certain Java
sandbox restrictions (CVE-2015-0477).

A directory traversal flaw was found in the way the jar tool extracted
JAR archive files. A specially crafted JAR archive could cause jar
to overwrite arbitrary files writable by the user running jar when
the archive was extracted (CVE-2005-1080, CVE-2015-0480).

It was found that the RSA implementation in the JCE component in
OpenJDK did not follow recommended practices for implementing RSA
signatures (CVE-2015-0478).


Updated Packages:

Mandriva Business Server 1/X86_64:
65ed5762e704150c083edeb68138f17c mbs1/x86_64/java-1.7.0-openjdk-
db45d488531f88df789dd99fc91f08a3 mbs1/x86_64/java-1.7.0-openjdk-accessibility-
317fc70a3d0d14e0e4ecdc643619b1be mbs1/x86_64/java-1.7.0-openjdk-demo-
e1af37f571aa22905b3203eb1f2575df mbs1/x86_64/java-1.7.0-openjdk-devel-
2ff58c8c02ad00b6847e19bdceee610b mbs1/x86_64/java-1.7.0-openjdk-headless-
26479b11ee458639fe6b9b1853d899a2 mbs1/x86_64/java-1.7.0-openjdk-javadoc-
80f9a48ed77c6b28cf18f1b25b3e8e74 mbs1/x86_64/java-1.7.0-openjdk-src-
72b8836e9d3816d590296010e250f7a5 mbs1/SRPMS/java-1.7.0-openjdk-

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver 0x22458A98

You can view other update advisories for Mandriva Linux at:

If you want to report vulnerabilities, please contact


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
Version: GnuPG v1.4.12 (GNU/Linux)


To unsubscribe, send a email to
with this subject : unsubscribe security-announce
Want to buy your Pack or Services from Mandriva?
Go to

AutorTomislav Protega
Cert idNCERT-REF-2015-04-0028-ADV
CveCVE-2015-0469 CVE-2015-0460 CVE-2015-0488 CVE-2015-0477 CVE-2005-1080 CVE-2015-0480 CVE-2015-0478
ID izvornikaMDVSA-2015:212
More in Preporuke
Ranjivosti programskog paketa qemu

Otkrivene su dvije ranjivosti u načinu kojim je qemu upravljao preoblikovanim PRDT podacima poslanima prema host emulacijskim IDE i/ili AHCI...