RHSA-2015:0807 -- java-1.7.0-openjdk security update (Important)

oval:org.mitre.oval:def:29084

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw leading to a buffer overflow was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469)

Family: unix
Status: ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
Class: patch
Reference(s):
  • RHSA-2015:0807
  • CESA-2015:0807
  • CVE-2005-1080
  • CVE-2015-0460
  • CVE-2015-0469
  • CVE-2015-0477
  • CVE-2015-0478
  • CVE-2015-0480
  • CVE-2015-0488
Product(s):
  • java-1.7.0-openjdk