[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2016-0048":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":28,"duplicates":29,"related":30,"reserved_at":9,"published_at":38,"modified_at":39,"state":9,"summary":40,"references_raw":42,"kevs":63,"epss":9,"epss_history":64,"metrics":65,"affected":66},"MGASA-2016-0048","Updated java-1.8.0-openjdk/copy-jdk-configs/lua-lunit/lua-posix packages fix security vulnerability\n\nAn out-of-bounds write flaw was found in the JPEG image format decoder in\nthe AWT component in OpenJDK. A specially crafted JPEG image could cause\na Java application to crash or, possibly execute arbitrary code. An\nuntrusted Java application or applet could use this flaw to bypass Java\nsandbox restrictions (CVE-2016-0483).\n\nAn integer signedness issue was found in the font parsing code in the 2D\ncomponent in OpenJDK. A specially crafted font file could possibly cause\nthe Java Virtual Machine to execute arbitrary code, allowing an untrusted\nJava application or applet to bypass Java sandbox restrictions\n(CVE-2016-0494).\n\nIt was discovered that the password-based encryption (PBE) implementation\nin the Libraries component in OpenJDK used an incorrect key length. This\ncould, in certain cases, lead to generation of keys that were weaker than\nexpected (CVE-2016-0475).\n\nIt was discovered that the JAXP component in OpenJDK did not properly\nenforce the totalEntitySizeLimit limit. An attacker able to make a Java\napplication process a specially crafted XML file could use this flaw to\nmake the application consume an excessive amount of memory\n(CVE-2016-0466).\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. 
A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client\n(CVE-2015-7575).\n\nMultiple flaws were discovered in the Networking and JMX components in\nOpenJDK. An untrusted Java application or applet could use these flaws to\nbypass certain Java sandbox restrictions (CVE-2016-0402, CVE-2016-0448).\n\nThis update also required the addition of a new package, copy-jdk-configs,\nand a patch to the chkconfig package which adds the --family option to the\nalternatives command.  Both of these are used by scriptlets in the updated\njava-1.8.0-openjdk packages.\n",null,[],[],[],[14,16,18,20,22,24,26],{"_key":15},"CVE-2015-7575",{"_key":17},"CVE-2016-0402",{"_key":19},"CVE-2016-0448",{"_key":21},"CVE-2016-0466",{"_key":23},"CVE-2016-0475",{"_key":25},"CVE-2016-0483",{"_key":27},"CVE-2016-0494",[],[],[31,32,33,34,35,36,37],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},"2016-02-05T17:26:09Z","2026-04-16T06:23:53.316569544Z",{"cisa_kev":41,"cisa_ransomware":41,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[43,49,54,59],{"url":44,"sources":45,"tags":47},"https://advisories.mageia.org/MGASA-2016-0048.html",[46],"osv_mageia",[48],"Advisory",{"url":50,"sources":51,"tags":52},"https://bugs.mageia.org/show_bug.cgi?id=17576",[46],[53],"REPORT",{"url":55,"sources":56,"tags":57},"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA",[46],[53,58],"WEB",{"url":60,"sources":61,"tags":62},"https://rhn.redhat.com/errata/RHSA-2016-0049.html",[46],[53,58],[],[],[],[67,79,85,91],{"ecosystem":68,"name":69,"vendor":70,"product":69,"cpe_part":9,"purl_type":71,"purl_namespace":70,"purl_name":69,"source":9,"versions":72},"Mageia","copy-jdk-configs","mageia","rpm",[73],{"ve
rsion":74,"is_range":75,"range_type":76,"version_start":9,"version_start_type":9,"version_end":77,"version_end_type":78,"fixed_in":9},"lt1_1_1_1_mga5",true,"ecosystem","1.1-1.1.mga5","excluding",{"ecosystem":68,"name":80,"vendor":70,"product":80,"cpe_part":9,"purl_type":71,"purl_namespace":70,"purl_name":80,"source":9,"versions":81},"java-1.8.0-openjdk",[82],{"version":83,"is_range":75,"range_type":76,"version_start":9,"version_start_type":9,"version_end":84,"version_end_type":78,"fixed_in":9},"lt1_8_0_72_1_b15_1_mga5","1.8.0.72-1.b15.1.mga5",{"ecosystem":68,"name":86,"vendor":70,"product":86,"cpe_part":9,"purl_type":71,"purl_namespace":70,"purl_name":86,"source":9,"versions":87},"lua-lunit",[88],{"version":89,"is_range":75,"range_type":76,"version_start":9,"version_start_type":9,"version_end":90,"version_end_type":78,"fixed_in":9},"lt0_5_1_mga5","0.5-1.mga5",{"ecosystem":68,"name":92,"vendor":70,"product":92,"cpe_part":9,"purl_type":71,"purl_namespace":70,"purl_name":92,"source":9,"versions":93},"lua-posix",[94],{"version":95,"is_range":75,"range_type":76,"version_start":9,"version_start_type":9,"version_end":96,"version_end_type":78,"fixed_in":9},"lt33_3_1_1_mga5","33.3.1-1.mga5"]