
Bug 540054 (CVE-2015-0437)

Summary: <dev-java/oracle-jre-bin-1.8.0.31: Unspecified vulnerability (CVE-2015-0437)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: java
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A3 [glsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2015-02-14 12:57:49 UTC
CVE-2015-0437 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437):
  Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to
  affect confidentiality, integrity, and availability via unknown vectors
  related to Hotspot.


Red Hat is a bit more helpful in its description at https://access.redhat.com/security/cve/CVE-2015-0437:

A flaw was found in the way the Hotspot component in OpenJDK in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Comment 1 Agostino Sarubbo gentoo-dev 2015-02-14 13:27:12 UTC
1.8.0.31 fixes this.

I didn't see anything related to Java 7, so I suppose it is not affected.
Comment 2 James Le Cuirot gentoo-dev 2015-07-21 22:56:14 UTC
This was dealt with some time ago. Security team, please close this out.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2015-07-22 12:38:14 UTC
New GLSA Request filed.
Comment 4 Patrice Clement gentoo-dev 2015-08-14 18:30:59 UTC
(In reply to Yury German from comment #3)
> New GLSA Request filed.

Well. I still can't see it.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2015-08-15 23:43:19 UTC
(In reply to Patrice Clement from comment #4)
> (In reply to Yury German from comment #3)
> > New GLSA Request filed.
> 
> Well. I still can't see it.

We filed it, but we did not write it yet, or release it.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 12:40:45 UTC
This issue was resolved and addressed in
 GLSA 201603-11 at https://security.gentoo.org/glsa/201603-11
by GLSA coordinator Kristian Fiskerstrand (K_F).