Arch Linux Security Advisory ASA-201501-14
=========================================
Severity: Critical
Date    : 2015-01-23
CVE-ID  : CVE-2014-3566 CVE-2014-6549 CVE-2014-6585 CVE-2014-6587
          CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383
          CVE-2015-0395 CVE-2015-0400 CVE-2015-0403 CVE-2015-0406
          CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412
          CVE-2015-0413 CVE-2015-0421 CVE-2015-0437
Package : jdk8-openjdk
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package jdk8-openjdk before version 8.u31-1 is vulnerable to
multiple issues including bug not limited to arbitrary code execution,
information disclosure, denial of service, privilege escalation and
man-in-the-middle.

Resolution
=========
Upgrade to 8.u31-1.

# pacman -Syu "jdk8-openjdk>=8.u31-1"

The problems have been fixed upstream in version 8.u31.

Workaround
=========
None.

Description
==========
- CVE-2014-3566 (man-in-the-middle)
Nondeterministic CBC padding, which makes it easier for
man-in-the-middle attackers to obtain cleartext data via a
padding-oracle attack, aka the "POODLE" issue.

- CVE-2014-6549 (arbitrary code execution)
Incorrect class loader permission check in ClassLoader getParent()
allows remote attackers to affect confidentiality, integrity, and
availability.

- CVE-2014-6585 (out-of-bounds read)
Allows remote attackers to affect confidentiality via font parsing
out-of-bounds read related to 2D.

- CVE-2014-6587 (privilege escalation)
MulticastSocket NULL pointer dereference allows local users to affect
confidentiality, integrity, and availability.

- CVE-2014-6591 (out-of-bounds read)
Allows remote attackers to affect confidentiality via font parsing
out-of-bounds read related to 2D.

- CVE-2014-6593 (man-in-the-middle)
Incorrect tracking of ChangeCipherSpec during SSL/TLS handshake allows
remote attackers to affect confidentiality and integrity.

- CVE-2014-6601 (arbitrary code execution)
Class verifier insufficient invokespecial calls verification related to
Hotspot allows remote attackers to affect confidentiality, integrity,
and availability.

- CVE-2015-0383 (denial of service)
Insecure hsperfdata temporary file handling related to Hotspot allows
local users to affect integrity and availability.

- CVE-2015-0395 (arbitrary code execution)
Phantom references handling issue in garbage collector related to
Hotspot allows remote attackers to affect confidentiality, integrity,
and availability.

- CVE-2015-0400 (information disclosure)
Successful unauthenticated network attacks via multiple protocols can
result in unauthorized read access to a subset of Java SE accessible data.

- CVE-2015-0403 (arbitrary code execution)
Successful attack of this vulnerability can result in unauthorized
Operating System takeover including arbitrary code execution.

- CVE-2015-0406 (information disclosure)
Successful unauthenticated network attacks via multiple protocols can
result in unauthorized read access to a subset of accessible data and
ability to cause a partial denial of service.

- CVE-2015-0407 (information disclosure)
Directory information leak via file chooser related to Swing allows
remote attackers to affect confidentiality.

- CVE-2015-0408 (arbitrary code execution)
Incorrect context class loader use in RMI transport allows remote
attackers to affect confidentiality, integrity, and availability.

- CVE-2015-0410 (denial of service)
DER decoder infinite loop allows remote attackers to affect availability.

- CVE-2015-0412 (arbitrary code execution)
Insufficient code privileges checks related to JAX-WS allows remote
attackers to affect confidentiality, integrity, and availability.

- CVE-2015-0413 (unauthorized modification)
Successful attack of this vulnerability can result in unauthorized
update, insert or delete access to some Java SE accessible data.

- CVE-2015-0421 (arbitrary code execution)
Successful attack of this vulnerability can result in unauthorized
Operating System takeover including arbitrary code execution.

- CVE-2015-0437 (arbitrary code execution)
Code generation issue related to Hotspot allows remote attackers to
affect confidentiality, integrity, and availability.

Impact
=====
A remote attacker is able to perform arbitrary code execution,
information disclosure, denial of service, privilege escalation and
man-in-the-middle via various vulnerabilities.

References
=========
https://www.oracle.com/security-alerts/cpujan2015verbose.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6549
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6585
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6587
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6591
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6593
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6601
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0383
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0395
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0400
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0403
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0406
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0407
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0408
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0410
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0412
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0413
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0421
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0437

ArchLinux: 201501-14: jdk8-openjdk: multiple issues

January 23, 2015

Summary

- CVE-2014-3566 (man-in-the-middle) Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6549 (arbitrary code execution) Incorrect class loader permission check in ClassLoader getParent() allows remote attackers to affect confidentiality, integrity, and availability.
- CVE-2014-6585 (out-of-bounds read) Allows remote attackers to affect confidentiality via font parsing out-of-bounds read related to 2D.
- CVE-2014-6587 (privilege escalation) MulticastSocket NULL pointer dereference allows local users to affect confidentiality, integrity, and availability.
- CVE-2014-6591 (out-of-bounds read) Allows remote attackers to affect confidentiality via font parsing out-of-bounds read related to 2D.
- CVE-2014-6593 (man-in-the-middle) Incorrect tracking of ChangeCipherSpec during SSL/TLS handshake allows remote attackers to affect confidentiality and integrity.
- CVE-2014-6601 (arbitrary code execution) Class verifier insufficient invokespecial calls verification related to Hotspot allows remote attackers to affect confidentiality, integrity, and availability.
- CVE-2015-0383 (denial of service) Insecure hsperfdata temporary file handling related to Hotspot allows local users to affect integrity and availability.
- CVE-2015-0395 (arbitrary code execution) Phantom references handling issue in garbage collector related to Hotspot allows remote attackers to affect confidentiality, integrity, and availability.
- CVE-2015-0400 (information disclosure) Successful unauthenticated network attacks via multiple protocols can result in unauthorized read access to a subset of Java SE accessible data.
- CVE-2015-0403 (arbitrary code execution) Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
- CVE-2015-0406 (information disclosure) Successful unauthenticated network attacks via multiple protocols can result in unauthorized read access to a subset of accessible data and ability to cause a partial denial of service.
- CVE-2015-0407 (information disclosure) Directory information leak via file chooser related to Swing allows remote attackers to affect confidentiality.
- CVE-2015-0408 (arbitrary code execution) Incorrect context class loader use in RMI transport allows remote attackers to affect confidentiality, integrity, and availability.
- CVE-2015-0410 (denial of service) DER decoder infinite loop allows remote attackers to affect availability.
- CVE-2015-0412 (arbitrary code execution) Insufficient code privileges checks related to JAX-WS allows remote attackers to affect confidentiality, integrity, and availability.
- CVE-2015-0413 (unauthorized modification) Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data.
- CVE-2015-0421 (arbitrary code execution) Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
- CVE-2015-0437 (arbitrary code execution) Code generation issue related to Hotspot allows remote attackers to affect confidentiality, integrity, and availability.

Resolution

Upgrade to 8.u31-1. # pacman -Syu "jdk8-openjdk>=8.u31-1"
The problems have been fixed upstream in version 8.u31.

References

https://www.oracle.com/security-alerts/cpujan2015verbose.html https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6549 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6585 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6587 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6591 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6593 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6601 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0383 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0395 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0400 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0403 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0406 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0407 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0408 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0410 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0412 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0413 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0421 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0437

Severity
CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383
CVE-2015-0395 CVE-2015-0400 CVE-2015-0403 CVE-2015-0406
CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412
CVE-2015-0413 CVE-2015-0421 CVE-2015-0437
Package : jdk8-openjdk
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/title/CVE

Workaround

None.

Related News