Red Hat Security Advisory 2015-0067-01 – The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
Monthly Archives: January 2015
Google Drive Information Leak
Google Drive suffers from a full name disclosure information leak vulnerability.
Vuln: Oracle Java SE CVE-2014-6591 Remote Java SE Vulnerability
Vuln: Oracle Java SE CVE-2015-0410 Remote Java SE, Java SE Embedded, JRockit Vulnerability
Vuln: Oracle Java SE CVE-2015-0407 Remote Java SE Vulnerability
Vuln: Oracle Java SE CVE-2014-6601 Remote Java SE Vulnerability
Re: full name disclosure information leak in google drive
Posted by kevin mcsheehan on Jan 21
when they say “create a profile” they’re referring to google plus. the
302 on https://profiles.google.com should be a solid indicator of
that. this vulnerability is capable of targeting non-g+ users, and
that’s the point.
here is an example of google acknowledging that names are personal
information: http://i.imgur.com/VHLfcC2.png
Quoting Daniel Miller <bonsaiviking () gmail com>:
Fedora 21 Security Update: grep-2.21-2.fc21
Fedora 21 Security Update: polarssl-1.3.9-3.fc21
Fedora 21 Security Update: dump-0.4-0.24.b44.fc21
Resolved Bugs
1132282 – CVE-2014-4607 dump: lzo: lzo1x_decompress_safe() integer overflow [fedora-all]
Security fix for CVE-2014-4607