Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 540054 (CVE-2015-0437) - <dev-java/oracle-jre-bin-1.8.0.31: Unspecified vulnerability (CVE-2015-0437)
Summary: <dev-java/oracle-jre-bin-1.8.0.31: Unspecified vulnerability (CVE-2015-0437)
Status: RESOLVED FIXED
Alias: CVE-2015-0437
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-14 12:57 UTC by GLSAMaker/CVETool Bot
Modified: 2016-03-12 12:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2015-02-14 12:57:49 UTC 
CVE-2015-0437 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437):
  Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to
  affect confidentiality, integrity, and availability via unknown vectors
  related to Hotspot.


Redhat is a bit more helpful in its description at https://access.redhat.com/security/cve/CVE-2015-0437:

A flaw was found in the way the Hotspot component in OpenJDK in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Comment 1 Agostino Sarubbo gentoo-dev 2015-02-14 13:27:12 UTC 
1.8.0.31 fixes this.

I didn't see anything related to java 7 so I suppose it is not affected.
Comment 2 James Le Cuirot gentoo-dev 2015-07-21 22:56:14 UTC 
This was dealt with some time ago. Security team, please close this out.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2015-07-22 12:38:14 UTC 
New GLSA Request filed.
Comment 4 Patrice Clement gentoo-dev 2015-08-14 18:30:59 UTC 
(In reply to Yury German from comment #3)
> New GLSA Request filed.

Well. I still can't see it.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2015-08-15 23:43:19 UTC 
(In reply to Patrice Clement from comment #4)
> (In reply to Yury German from comment #3)
> > New GLSA Request filed.
> 
> Well. I still can't see it.

We filed it, but we did not write it yet, or release it.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 12:40:45 UTC 
This issue was resolved and addressed in
 GLSA 201603-11 at https://security.gentoo.org/glsa/201603-11
by GLSA coordinator Kristian Fiskerstrand (K_F).