Debian: DSA-2356-1 Moderate Remote Risks in OpenJDK Security
debian
December 1, 2011
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform: CVE-2011-3389
Summary
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Java platform:
CVE-2011-3389
The TLS implementation does not guard properly against certain
chosen-plaintext attacks when block ciphers are used in CBC
mode.
CVE-2011-3521
The CORBA implementation contains a deserialization
vulnerability in the IIOP implementation, allowing untrusted
Java code (such as applets) to elevate its privileges.
CVE-2011-3544
The Java scripting engine lacks necessary security manager
checks, allowing untrusted Java code (such as applets) to
elevate its privileges.
CVE-2011-3547
The skip() method in java.io.InputStream uses a shared buffer,
allowing untrusted Java code (such as applets) to access data
that is skipped by other code.
CVE-2011-3548
The java.awt.AWTKeyStroke class contains a flaw which allows
untrusted Java code (such as applets) to elevate its
privileges.
CVE-2011-3551
The Java2D C code contains an integer overflow which results
in a heap-based buffer overflow, potential...
PREVIOUS
NEXT
Package: openjdk-6
CVE ID: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!