FS#44663 - [jdk8-openjdk] arbitrary code execution, sandbox bypass, directory traversal, denial of service
Attached to Project:
Arch Linux
Opened by Levente Polyak (anthraxx) - Monday, 20 April 2015, 15:43 GMT
Last edited by Guillaume ALAUX (galaux) - Monday, 20 April 2015, 19:34 GMT
Opened by Levente Polyak (anthraxx) - Monday, 20 April 2015, 15:43 GMT
Last edited by Guillaume ALAUX (galaux) - Monday, 20 April 2015, 19:34 GMT
|
Details
Description:
It has been reported that openjdk8 <= 8.u40 is vulnerable to multiple serious issues including arbitrary code execution and sandbox restriction bypass. I have attached the CVE IDs below, openjdk7 was already updated properly to mitigate those problems. Mitigation: It is highly recommended to update openjdk8 to >= 8.u45 to mitigate the reported issues. https://access.redhat.com/security/cve/CVE-2005-1080 https://access.redhat.com/security/cve/CVE-2015-0460 https://access.redhat.com/security/cve/CVE-2015-0469 https://access.redhat.com/security/cve/CVE-2015-0470 https://access.redhat.com/security/cve/CVE-2015-0477 https://access.redhat.com/security/cve/CVE-2015-0478 https://access.redhat.com/security/cve/CVE-2015-0480 https://access.redhat.com/security/cve/CVE-2015-0488 |
This task depends upon
Closed by Guillaume ALAUX (galaux)
Monday, 20 April 2015, 19:34 GMT
Reason for closing: Implemented
Additional comments about closing: Pushed upstream version 8.u45
Monday, 20 April 2015, 19:34 GMT
Reason for closing: Implemented
Additional comments about closing: Pushed upstream version 8.u45