Date: Tue, 11 Sep 2012 05:18:14 -0400 (EDT)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security@...ts.openwall.com, Florian Weimer <fweimer@...hat.com>,
        Oracle Security Team <secalert_us@...cle.com>
Subject: CVE Request (minor) -- JVM: heap memory disclosure (possibly
 various JDKs)

Hello Kurt, Steve, vendors,

  an information disclosure flaw was found in the way certain
Java Virtual Machines (JVM) used to initialize integer arrays
(they have had nonzero elements right after the allocation in
certain circumstances). An attacker could use this flaw to
obtain potentially sensitive information.

References (including the reproducer, workaround and further details):
[1] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7196857
[2] https://bugzilla.redhat.com/show_bug.cgi?id=856124

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.:  Issue brought to us by Florian Weimer, Red Hat Product Security Team
       (in case someone is tracking the initial reporter)

P.S#2: Oracle Security Team Cc-ed on this request too (to clarify
       if CVE id has been assigned to this already or not).
