Debian Linux Security Advisory 3339-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
cc5c31eaed80c0cd400ec91f3fd6136488f7855153b9eb4184a81e7c430e9138
Red Hat Security Advisory 2015-1604-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
7c6c5c7a3ee00a76bfdd63d54c49691b252e690306bacc92fa688726f97e566f
Ubuntu Security Notice 2706-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the cryptographic components of the OpenJDK JRE. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.
43d713d4f87bfbe8c290f9a1b71ea87bd7e27654c81117d2859669b12657800e
HPE Security Bulletin HPSBUX03388 SSRT102180 1 - A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
f1baefdd8fc532cad3b81cfd65b89cde5c0b763dce7ec8f780f53b520447f879
Red Hat Security Advisory 2015-1544-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
211ab6dc8672735a2153424635a62c7215098412c1ba9ba843117f40ee4c8412
Debian Linux Security Advisory 3324-1 - Multiple security issues have been found in Icedove, Debian's version use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in DHE key processing commonly known as the "LogJam" vulnerability.
c1dd84ed3f684df498d226e215df6097b473d332a45df7474dc930f492d4b553
Red Hat Security Advisory 2015-1526-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid.
28932cde7e1e54b5faa2a128d70fecb9ba81b65dd119ddde1d9ba9ffd2dfed25
Ubuntu Security Notice 2696-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the cryptographic components of the OpenJDK JRE. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.
8ac70ef5d3ffc3c065a0c52d7f424e904636f1c7c4b12a1196a9cf9750c40c26
Debian Linux Security Advisory 3316-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
77f6084f42e84ac99b7ceff809ccb976e89d5a9bf14710928cf2e5b55b224527
Red Hat Security Advisory 2015-1488-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
8f436bf84679e66da54f12816d6bf2a4d760e738018e00154e0c1955a13a4f73
Red Hat Security Advisory 2015-1485-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
794c652bb7d208e3f4dd4c9b8fac7a97aaa4c11f4e0da035ca9234948959b6e5
Red Hat Security Advisory 2015-1486-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
1a69476a2a502577fbfdefd6cda2711b581bb8fc6bba18e7c2c0acd53f683d9f
Ubuntu Security Notice 2673-1 - Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. Bob Clary, Christian Holler, Bobby Holley, and Andrew McCreight discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
edcecb45d145f10f0b7e4ff7d56649529e2e69c9512e45839ce5892952206428
Red Hat Security Advisory 2015-1243-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
240a4d208c67ed5977cc94f864f3c548d2a692bbfe7028670ced5044f28a1c0d
Red Hat Security Advisory 2015-1242-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
b01b07a56be2d7a975fa73912a2e17caca8944404e1dc032d7ba2d6b307d9c3b
Red Hat Security Advisory 2015-1241-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
a00adc19b4661f42eff481841ccbe46849730c47219498516b92867b140ed3c7
Ubuntu Security Notice 2656-2 - USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases. This update provides the corresponding update for Ubuntu 12.04 LTS. Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
328cec1a37ec3067650890b309d1dd0a9ac8e5ee91e22185327112346ae999c2
Red Hat Security Advisory 2015-1230-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid.
7517a9e6d94cdc1cd64799e406750d0680e354b46859f1efd2e8114dcf35d4d2
Red Hat Security Advisory 2015-1229-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid.
d5875237c2fae7485fec92ae42358fcdf27396081fe6248111746b82dd5ad316
Red Hat Security Advisory 2015-1228-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid.
677ba73488a04d18a8c2e819c58aa77b061d9a2f573c08cfeb2da6786c091f7f
HP Security Bulletin HPSBGN03373 1 - A potential security vulnerability has been identified with HP Release Control running TLS. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
9532c8a022d376f659baa52d890981f1f1358dc02fa56962081e976cb6066ed3
HP Security Bulletin HPSBGN03351 2 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL. This is the TLS vulnerability known as "Logjam", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
efbbe900de77885962b7c89379556a0ec45f4e5d0323c0974920b8e625855f20
Ubuntu Security Notice 2656-1 - Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
8b8e1309051b659a9010aa4da8be7f871c23e5dcdb455674eaf7979c0a9f13b8
HP Security Bulletin HPSBUX03363 1 - A potential security vulnerability has been identified with OpenSSL which may impact HP-UX Apache Web Server with SSL/TLS enabled. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Note: The default configuration of HP-UX Apache Web Server is not vulnerable. Revision 1 of this advisory.
e4c4b720234445a15f22a9dc46a016ed7191f53adc8b3ba80ae5349b95bbc3ce
HP Security Bulletin HPSBGN03361 1 - A potential security vulnerability has been identified with HP UCMDB, HP UCMDB Configuration Manager, HP UCMDB Browser, and HP Universal Discovery running TLS. Note: This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
d7f39361b740cd350c370d82a4abbf3a521be218d6102e8336f6c495e2a2be40