Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Update for java-1.7.0-openjdk RHSA-2013:0958-01
Summary: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the referenced advisory.

Vulnerability Insight:
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple flaws were discovered in the ImagingLib and the image attribute,
channel, layout and raster processing in the 2D component. An untrusted
Java application or applet could possibly use these flaws to trigger Java
Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)

Integer overflow flaws were found in the way AWT processed certain input.
An attacker could use these flaws to execute arbitrary code with the
privileges of the user running an untrusted Java applet or application.

Multiple improper permission check issues were discovered in the Sound,
JDBC, Libraries, JMX, and Serviceability components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass Java
sandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,
CVE-2013-2457, CVE-2013-2453, CVE-2013-2460)

Multiple flaws in the Serialization, Networking, Libraries and CORBA
components can be exploited by an untrusted Java application or applet to
gain access to potentially sensitive information. (CVE-2013-2456,
CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)

It was discovered that the Hotspot component did not properly handle
out-of-memory errors. An untrusted Java application or applet could
possibly use these flaws to terminate the Java Virtual Machine.

It was discovered that the AWT component did not properly manage certain
resources and that the ObjectStreamClass of the Serialization component
did not properly handle circular references. An untrusted Java application
or applet could possibly use these flaws to cause a denial of service.
(CVE-2013-2444, CVE-2013-2450)

It was discovered that the Libraries component contained certain errors
related to XML security and the class loader. A remote attacker could
possibly exploit these flaws to bypass intended security mechanisms or
disclose potentially sensitive information and cause a denial of service.
(CVE-2013-2407, CVE-2013-2461)

It was discovered that JConsole did not properly inform the user when
establishing an SSL connection failed. An attacker could exploit this flaw
to gain access to potentially sensitive information. (CVE-2013-2412)

It was discovered that GnomeFileTypeDetector did not check for read
permissions when accessing files. An untrusted Jav ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server)

Please install the updated packages.

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-1500
BugTraq ID: 60627
Cert/CC Advisory: TA13-169A
HPdes Security Advisory: HPSBUX02908
HPdes Security Advisory: HPSBUX02922
HPdes Security Advisory: SSRT101305
RedHat Security Advisories: RHSA-2013:0963
RedHat Security Advisories: RHSA-2013:1059
RedHat Security Advisories: RHSA-2013:1060
RedHat Security Advisories: RHSA-2013:1081
RedHat Security Advisories: RHSA-2013:1455
RedHat Security Advisories: RHSA-2013:1456
RedHat Security Advisories: RHSA-2014:0414
SuSE Security Announcement: SUSE-SU-2013:1255
SuSE Security Announcement: SUSE-SU-2013:1257
SuSE Security Announcement: SUSE-SU-2013:1263
SuSE Security Announcement: SUSE-SU-2013:1264
SuSE Security Announcement: SUSE-SU-2013:1293
SuSE Security Announcement: SUSE-SU-2013:1305
Common Vulnerability Exposure (CVE) ID: CVE-2013-1571
BugTraq ID: 60634
CERT/CC vulnerability note: VU#225657
HPdes Security Advisory: HPSBUX02907
Common Vulnerability Exposure (CVE) ID: CVE-2013-2407
BugTraq ID: 60653
SuSE Security Announcement: SUSE-SU-2013:1256
Common Vulnerability Exposure (CVE) ID: CVE-2013-2412
BugTraq ID: 60618
Common Vulnerability Exposure (CVE) ID: CVE-2013-2443
BugTraq ID: 60646
Common Vulnerability Exposure (CVE) ID: CVE-2013-2444
BugTraq ID: 60633
Common Vulnerability Exposure (CVE) ID: CVE-2013-2445
BugTraq ID: 60639
Common Vulnerability Exposure (CVE) ID: CVE-2013-2446
BugTraq ID: 60620
Common Vulnerability Exposure (CVE) ID: CVE-2013-2447
BugTraq ID: 60629
Common Vulnerability Exposure (CVE) ID: CVE-2013-2448
BugTraq ID: 60640
Common Vulnerability Exposure (CVE) ID: CVE-2013-2449
Common Vulnerability Exposure (CVE) ID: CVE-2013-2450
BugTraq ID: 60638
Common Vulnerability Exposure (CVE) ID: CVE-2013-2452
BugTraq ID: 60617
Common Vulnerability Exposure (CVE) ID: CVE-2013-2453
BugTraq ID: 60644
Common Vulnerability Exposure (CVE) ID: CVE-2013-2454
BugTraq ID: 60650
Common Vulnerability Exposure (CVE) ID: CVE-2013-2455
BugTraq ID: 60619
Common Vulnerability Exposure (CVE) ID: CVE-2013-2456
BugTraq ID: 60641
Common Vulnerability Exposure (CVE) ID: CVE-2013-2457
BugTraq ID: 60632
Common Vulnerability Exposure (CVE) ID: CVE-2013-2458
Common Vulnerability Exposure (CVE) ID: CVE-2013-2459
BugTraq ID: 60647
Common Vulnerability Exposure (CVE) ID: CVE-2013-2460
Common Vulnerability Exposure (CVE) ID: CVE-2013-2461
BugTraq ID: 60645
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
Common Vulnerability Exposure (CVE) ID: CVE-2013-2463
BugTraq ID: 60655
Common Vulnerability Exposure (CVE) ID: CVE-2013-2465
BugTraq ID: 60657
Common Vulnerability Exposure (CVE) ID: CVE-2013-2469
BugTraq ID: 60658
Common Vulnerability Exposure (CVE) ID: CVE-2013-2470
BugTraq ID: 60651
Common Vulnerability Exposure (CVE) ID: CVE-2013-2471
BugTraq ID: 60659
Common Vulnerability Exposure (CVE) ID: CVE-2013-2472
BugTraq ID: 60656
Common Vulnerability Exposure (CVE) ID: CVE-2013-2473
BugTraq ID: 60623
Copyright: Copyright (c) 2013 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.