Bug 937828 (CVE-2015-2590) - VUL-0: CVE-2015-2590: java-1_8_0-openjdk: mystery 0-day from Pawn Storm
Summary: VUL-0: CVE-2015-2590: java-1_8_0-openjdk: mystery 0-day from Pawn Storm
Status: RESOLVED DUPLICATE of bug 938248
Alias: CVE-2015-2590
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Fridrich Strba
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv2:NVD:CVE-2015-2621:5.0:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-07-13 12:55 UTC by Andreas Stieger
Modified: 2020-04-01 22:14 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2015-07-13 12:55:55 UTC 
http://www.net-security.org/secworld.php?id=18618
"[...] spotted by Trend Micro researchers [...] targeted attack [..] Pawn Storm.
[...] The exploit allows attackers to execute arbitrary code on target systems with default Java settings. [...]
Affecting 1.8, including 1.8.0.45."

Affecting openSUSE 13.2 and Tumbleweed.
Comment 3 Swamp Workflow Management 2015-07-13 21:59:59 UTC 
bugbot adjusting priority
Comment 4 Andreas Stieger 2015-07-16 08:35:55 UTC 
Included in CPU bug 937828

*** This bug has been marked as a duplicate of bug 938248 ***
Comment 5 Bernhard Wiedemann 2015-07-22 09:00:09 UTC 
This is an autogenerated message for OBS integration:
This bug (937828) was mentioned in
https://build.opensuse.org/request/show/317850 Factory / java-1_8_0-openjdk
https://build.opensuse.org/request/show/317851 13.2 / java-1_7_0-openjdk+java-1_8_0-openjdk
Comment 8 Swamp Workflow Management 2015-07-26 19:08:01 UTC 
openSUSE-SU-2015:1288-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 937828,938248
CVE References: CVE-2015-2590,CVE-2015-2596,CVE-2015-2597,CVE-2015-2601,CVE-2015-2613,CVE-2015-2619,CVE-2015-2621,CVE-2015-2625,CVE-2015-2627,CVE-2015-2628,CVE-2015-2632,CVE-2015-2637,CVE-2015-2638,CVE-2015-2664,CVE-2015-2808,CVE-2015-4000,CVE-2015-4729,CVE-2015-4731,CVE-2015-4732,CVE-2015-4733,CVE-2015-4736,CVE-2015-4748,CVE-2015-4749,CVE-2015-4760
Sources used:
openSUSE 13.2 (src):    java-1_7_0-openjdk-1.7.0.85-10.2, java-1_7_0-openjdk-bootstrap-1.7.0.85-10.1
openSUSE 13.1 (src):    java-1_7_0-openjdk-1.7.0.85-24.21.1
Comment 9 Swamp Workflow Management 2015-07-26 19:08:30 UTC 
openSUSE-SU-2015:1289-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 937828,938248
CVE References: CVE-2015-2590,CVE-2015-2597,CVE-2015-2601,CVE-2015-2613,CVE-2015-2619,CVE-2015-2621,CVE-2015-2625,CVE-2015-2627,CVE-2015-2628,CVE-2015-2632,CVE-2015-2637,CVE-2015-2638,CVE-2015-2659,CVE-2015-2664,CVE-2015-2808,CVE-2015-4000,CVE-2015-4729,CVE-2015-4731,CVE-2015-4732,CVE-2015-4733,CVE-2015-4736,CVE-2015-4748,CVE-2015-4749,CVE-2015-4760
Sources used:
openSUSE 13.2 (src):    java-1_8_0-openjdk-1.8.0.51-12.1