Become a premium member to remove ads

Search the Community

Showing results for tags 'Security'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Community Hub
    • News & Announcements
    • Suggestions & Feedback
  • Server Management
    • MineCraft Registration
    • Support
    • Reports
    • Ban Appeals
  • Server Discussion
    • Minecraft
    • Teamspeak 3
    • Minecraft Modded: Age of Rebirth
    • Minecraft Beta 1.7.3
    • Valheim
  • Community Discussion
    • The Den
    • Computers & Tech
    • General Gaming
    • PC Gaming
    • Console Gaming
  • Chaotic United (Unofficial)'s Topics

Calendars

  • Community Calendar
  • ChaoticUnited's Calendar
  • NuclearDistrict's Calendar

Categories

  • Chaotic United
    • Minecraft Worlds
    • Minecraft Texture/Resource Packs
    • Valheim Worlds
  • Miscellaneous Files
  • Chaotic United (Unofficial)'s Files

Categories

  • Tutorials and Guides
    • Minecraft
    • Website and Forums
    • Miscellaneous
  • Resources
    • Guidelines
    • Troubleshooting
    • History
    • Minecraft
    • Website and Forums

Categories

  • Minecraft Server Bugs
    • Archive
  • MC Beta 1.7.3 Bugs
    • Archive
  • Website/Forums Bugs
    • Archive
  • Discord Bugs
    • Archive
  • TeamSpeak Bugs
    • Archive
  • Other Bugs
    • Archive

Categories

  • Minecraft Server Suggestions
    • Archive
  • MC Beta 1.7.3 Suggestions
    • Archive
  • Age of Rebirth Suggestions
    • Archive
  • Website/Forums Suggestions
    • Archive
  • Discord Suggestions
    • Archive
  • Other Suggestions
    • Archive

Categories

  • Minecraft Server
    • Items
    • Blocks
    • Mobs
    • Locations
    • Technical Resources
  • History
    • Members
    • Communities

Blogs

  • random test blog
  • Infinity
  • Random Web Design
  • Update Notes
  • Halo's Thoughts
  • Brink of Chaos Updates
  • Age of Rebirth Update Notes
  • TechnoGalaxy's Beta Adventures
  • CU Veterans's Blog

Product Groups

  • Legacy
    • Minecraft Ranks (Legacy)
    • Demoria Online
    • Minecraft Currency
    • Misc. Donations
  • Apparel
    • Men's T-Shirts
    • Women's T-Shirts
  • Miscellaneous
  • Advertisements

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Minecraft


Steam


Discord

Found 1 result

  1. Hi All, A security exploit has been identified in the openjdk 1.7.0 version. The server uses OpenJDK 1.8 and has already patched the exploit. However this is also present in Java SE clients. It is highly advised that you update your java. FAQ Are there any crucial differences between Oracle and Open JDK? Nothing crucial. The openjdk project is mostly based on hotspot source code donated by Sun. Moreover, openjdk was selected to be the reference implementation for java 7, and is maintained by Oracle engineers. There's a more detailed answer to your question here, which links to this blog post: Q : What is the difference between the source code found in the OpenJDK repository, and the code you use to build the Oracle JDK? A : It is very close - our build process for Oracle JDK releases builds on OpenJDK 7 by adding just a couple of pieces, like the deployment code, which includes Oracle's implementation of the Java Plugin and Java WebStart, as well as some closed source third party components like a graphics rasterizer, some open source third party components, like Rhino, and a few bits and pieces here and there, like additional documentation or third party fonts. Moving forward, our intent is to open source all pieces of the Oracle JDK except those that we consider commercial features such as JRockit Mission Control (not yet available in Oracle JDK), and replace encumbered third party components with open source alternatives to achieve closer parity between the code bases. i dont get it. if they are similar then why two? Technical differences are a consequence of the goal of each one (OpenJDK is meant to be the reference implementation, open to the community, while Oracle is meant to be a commercial one) They both have "almost" the same code of the classes in the Java API; but the code for the virtual machine itself is actually different, and when it comes to libraries, OpenJDK tends to use open libraries while Oracle tends to use closed ones; for instance, the font library. Is the Server Affected? The Server was not affected by this exploit as the server uses OpenJDK 1.8 which had this fixed. Updated java-1.7.0-openjdk packages fix security vulnerabilities Publication date: 15 Apr 2015 Type: security Affected Mageia releases : 4 CVE: CVE-2005-1080 , CVE-2015-0460 , CVE-2015-0469 , CVE-2015-0477 , CVE-2015-0478 , CVE-2015-0480 , CVE-2015-0488 Description Updated java-1.7.0 packages fix security vulnerabilities: An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions (CVE-2015-0469). A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions (CVE-2015-0460). A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly (CVE-2015-0488). A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions (CVE-2015-0477). A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted (CVE-2005-1080, CVE-2015-0480). It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures (CVE-2015-0478). References https://bugs.mageia.org/show_bug.cgi?id=15706 http://blog.fuseyism.com/index.php/2015/04/15/security-icedtea-2-5-5-for-openjdk-7-released/ http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html https://rhn.redhat.com/errata/RHSA-2015-0806.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488 I am glad that I used the Beta Version of Mageia that has updated dependencies and took the extra downtime. This would of been a nightmare to take care of. Looks like the downtime actually benefited us for once