Wind River Support Network

HomeDefectsOVP-1664
Fixed

OVP-1664 : Security Advisory - openjdk - CVE-2014-1876

Created: Feb 16, 2014    Updated: Mar 11, 2016
Resolved Date: Mar 18, 2014
Found In Version: 5.0.1.11
Fix Version: 5.0.1.14,6.0
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8, and Oracle Java JDK, does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1876

Other Downloads

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube