{ "threat_severity" : "Moderate", "public_date" : "2015-07-14T00:00:00Z", "bugzilla" : { "description" : "ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)", "id" : "1242394", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1242394" }, "cvss" : { "cvss_base_score" : "4.3", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-190->CWE-125", "details" : [ "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.", "An information leak flaw was found in the 2D component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions." ], "affected_release" : [ { "product_name" : "Oracle Java for Red Hat Enterprise Linux 5", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1242", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5", "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.1.el5_11" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 5", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1243", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5", "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el5_11" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 6", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1241", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6", "package" : "java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el6_6" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 6", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1242", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6", "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el6_6" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 6", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1243", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6", "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el6_6" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 7", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1241", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7", "package" : "java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el7_1" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 7", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1242", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7", "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el7_1" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 7", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1243", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7", "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el7_1" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2015-07-15T00:00:00Z", "advisory" : "RHSA-2015:1230", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el5_11" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2015-07-30T00:00:00Z", "advisory" : "RHSA-2015:1526", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el5_11" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2015-07-22T00:00:00Z", "advisory" : "RHSA-2015:1486", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2015-07-23T00:00:00Z", "advisory" : "RHSA-2015:1488", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.7.0-ibm-1:1.7.0.9.10-1jpp.2.el5" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2015-08-04T00:00:00Z", "advisory" : "RHSA-2015:1544", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el5" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2015-07-15T00:00:00Z", "advisory" : "RHSA-2015:1228", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.8.0-openjdk-1:1.8.0.51-0.b16.el6_6" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2015-07-15T00:00:00Z", "advisory" : "RHSA-2015:1229", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2015-07-30T00:00:00Z", "advisory" : "RHSA-2015:1526", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7" }, { "product_name" : "Red Hat Enterprise Linux 6 Supplementary", "release_date" : "2015-07-22T00:00:00Z", "advisory" : "RHSA-2015:1485", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.7.1-ibm-1:1.7.1.3.10-1jpp.3.el6_7" }, { "product_name" : "Red Hat Enterprise Linux 6 Supplementary", "release_date" : "2015-07-22T00:00:00Z", "advisory" : "RHSA-2015:1486", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7" }, { "product_name" : "Red Hat Enterprise Linux 6 Supplementary", "release_date" : "2015-08-04T00:00:00Z", "advisory" : "RHSA-2015:1544", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el6_7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2015-07-15T00:00:00Z", "advisory" : "RHSA-2015:1228", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "java-1.8.0-openjdk-1:1.8.0.51-1.b16.ael7b_1" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2015-07-15T00:00:00Z", "advisory" : "RHSA-2015:1229", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.2.ael7b_1" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2015-07-30T00:00:00Z", "advisory" : "RHSA-2015:1526", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el7_1" }, { "product_name" : "Red Hat Satellite 5.6", "release_date" : "2015-08-12T00:00:00Z", "advisory" : "RHSA-2015:1604", "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5", "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5" }, { "product_name" : "Red Hat Satellite 5.7", "release_date" : "2015-08-12T00:00:00Z", "advisory" : "RHSA-2015:1604", "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6", "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 7", "release_date" : "2015-07-22T00:00:00Z", "advisory" : "RHSA-2015:1485", "cpe" : "cpe:/a:redhat:rhel_extras:7", "package" : "java-1.7.1-ibm-1:1.7.1.3.10-1jpp.1.ael7b_1" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "icu", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "impact" : "low" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "icu", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "impact" : "low" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Will not fix", "package_name" : "icu", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "impact" : "low" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-2632\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2632\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA" ], "name" : "CVE-2015-2632", "csaw" : false }