Gentoo Linux Security Advisory 201406-32 - Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Versions less than 6.1.13.3 are affected.
090fb98b78d165daf38005d744a51c041e7041bc82e7280894ff7c9447061a32
Gentoo Linux Security Advisory 201111-2 - Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impacts. Versions less than 1.6.0.29 are affected.
bdd25e09a3d2a79cb6d767a8541e666e1faf5d0e50b98660a81be4dbc3da723d
VMware Security Advisory 2011-0013 - Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues.
bfa44b90a996832dc4d48ee3d88431651288c9f75d7f7f82d502411d95c5dce3
Red Hat Security Advisory 2011-0880-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. Various other issues were also addressed.
23e57d99b78195d5d080dfd7d6831e809d977086b9839464c667dc791c8b7697
HP Security Bulletin HPSBUX02608 SSRT100333 2 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities. Revision 2 of this advisory.
33d41ce683d2244b9cb2ed8bc782c9c762848f2ce03638f2d726f4593e82eabe
Ubuntu Security Notice 1010-1 - Various openjdk issues have been addressed. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. Various other issues were discovered and addressed.
dbf842de06300f7667099150cb0e617a4a3656e900e4a73d6bc01c5ed06a9df2
Zero Day Initiative Advisory 10-205 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of JPEG image dimensions. When specifying large values to the dimensions of a subsample an integer overflow occurs leading to memory corruption. Successful exploitation of this vulnerability can lead to remote compromise under the credentials of the currently logged in user.
7edb0903cf57b1ec09a32da340a52b6c62f751af2bf9df75260763a74a1ec5cf