HP Security Bulletin HPSBMU02964 2 - Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS), Denial of Service (DoS), execution of arbitrary code, unauthorized access, disclosure of Information, and authentication issues. Revision 2 of this advisory.
7536e013715c64e1f248c90d283d725b3de0798c35db1e550b482af5f497718f
HP Security Bulletin HPSBMU02964 - Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, unauthorized access, disclosure of Information, and authentication issues. Revision 1 of this advisory.
c063f157a63c0bae841f9ebeda8031d30b8036d3ba7f4f41bb8a0666b7788340
This Metasploit module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. This exploit doesn't bypass click-to-play, so the user must accept the java warning in order to run the malicious applet.
257e7dc02cc758e02ddfc07622def557b152de2354df0f2e8e6ddd5a95045d43
Red Hat Security Advisory 2013-0624-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
1aa3a61ce84d8dfe3989766a7d64b1570da3b7bf518c863cc35cbbfe38e7ca3d
Mandriva Linux Security Advisory 2013-021 - Multiple security issues were identified and fixed in OpenJDK. The 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via vectors that trigger a write of arbitrary memory in the JVM, as exploited in the wild in February 2013. Unspecified vulnerability in the 2D component in the Java Runtime Environment component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493. The updated packages provides icedtea6-1.11.9 which is not vulnerable to these issues.
5b454321a55eb475ee4170f49c5dd25c68794fe01d96b8252b64fbb67b52fb24
Ubuntu Security Notice 1755-2 - USN-1755-1 fixed vulnerabilities in OpenJDK 6. This update provides the corresponding updates for OpenJDK 7. It was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. Various other issues were also addressed.
f6df39f955594ea9216c4b8dd6ae813b8290b144bf93b3ea8c98f431ac8ef370
Red Hat Security Advisory 2013-0604-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.
fcd9969a38c85228f7ca9170261f28e98703f293a9d058a6d777b3bd4614528a
Red Hat Security Advisory 2013-0603-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.
9277b9f954bbf26ebfd21be9bbb223309fcabd745ba6239e42466b4ce3619d74
Red Hat Security Advisory 2013-0602-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.
006689926e05cd513152e32213025ecfe6d53e1e946057df17e9c53131bc1a0f
Red Hat Security Advisory 2013-0605-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.
bd6fda8b783af23447ab7dce72a23af050b31847850dc60e49d2d16016daf7ee
Red Hat Security Advisory 2013-0601-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page, listed in the References section. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 43. All running instances of Oracle Java must be restarted for the update to take effect.
cd5621dfa11a423f7e2dd0bc78bcbbebd77d20d8de7879e5ff7541d5e0807d1d
Red Hat Security Advisory 2013-0600-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page, listed in the References section. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 17 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
78e394bd3978d85f81bf585e1a65ad138e184f2e62db033ad702df80a4ad8e1a
Ubuntu Security Notice 1755-1 - It was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. It was discovered that OpenJDK did not properly check return values when performing color conversion for images. If a user were tricked into opening a crafted image with OpenJDK, such as with the Java plugin, a remote attacker could cause OpenJDK to crash or execute arbitrary code outside of the Java sandbox with the privileges of the user invoking the program. Various other issues were also addressed.
fd1813b8a70a9be8697c148673b902f68c148dbdd12ab1ae7e74fb7ff68d27ee
Apple Security Advisory 2013-03-04-1 - Multiple vulnerabilities existed in Java 1.6.0_41, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox, have been addressed.
486fbb59279643ffefc29cb9c279270f2e09f0a3061209f032b324a9f5df9eb3