Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Update for java-1.7.0-openjdk RHSA-2014:0026-01
Summary: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the referenced advisory.

Vulnerability Insight:
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

An input validation flaw was discovered in the font layout engine in the 2D
component. A specially crafted font file could trigger Java Virtual Machine
memory corruption when processed. An untrusted Java application or applet
could possibly use this flaw to bypass Java sandbox restrictions.

Multiple improper permission check issues were discovered in the CORBA,
JNDI, and Libraries components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2014-0428, CVE-2014-0422, CVE-2013-5893)

Multiple improper permission check issues were discovered in the
Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2014-0373, CVE-2013-5878,
CVE-2013-5910, CVE-2013-5896, CVE-2013-5884, CVE-2014-0416, CVE-2014-0376,

It was discovered that the Beans component did not restrict processing of
XML external entities. This flaw could cause a Java application using Beans
to leak sensitive information, or affect application availability.

It was discovered that the JSSE component could leak timing information
during the TLS/SSL handshake. This could possibly lead to disclosure of
information about the used encryption keys. (CVE-2014-0411)

Note: The java-1.7.0-openjdk package shipped with Red Hat Enterprise Linux
6.5 via RHBA-2013:1611 replaced 'java7' with 'java' in the provides list.
This update re-adds 'java7' to the provides list to maintain backwards
compatibility with releases prior to Red Hat Enterprise Linux 6.5.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Please install the updated packages.

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-5878
BugTraq ID: 64758
BugTraq ID: 64927
HPdes Security Advisory: HPSBUX02972
HPdes Security Advisory: HPSBUX02973
HPdes Security Advisory: SSRT101454
HPdes Security Advisory: SSRT101455
RedHat Security Advisories: RHSA-2014:0026
RedHat Security Advisories: RHSA-2014:0027
RedHat Security Advisories: RHSA-2014:0030
RedHat Security Advisories: RHSA-2014:0097
RedHat Security Advisories: RHSA-2014:0134
RedHat Security Advisories: RHSA-2014:0135
RedHat Security Advisories: RHSA-2014:0414
SuSE Security Announcement: SUSE-SU-2014:0246
SuSE Security Announcement: SUSE-SU-2014:0266
SuSE Security Announcement: SUSE-SU-2014:0451
SuSE Security Announcement: openSUSE-SU-2014:0174
SuSE Security Announcement: openSUSE-SU-2014:0177
SuSE Security Announcement: openSUSE-SU-2014:0180
Common Vulnerability Exposure (CVE) ID: CVE-2013-5884
BugTraq ID: 64924
XForce ISS Database: oracle-cpujan2014-cve20135884(90348)
Common Vulnerability Exposure (CVE) ID: CVE-2013-5893
BugTraq ID: 64863
Common Vulnerability Exposure (CVE) ID: CVE-2013-5896
BugTraq ID: 64926
XForce ISS Database: oracle-cpujan2014-cve20135896(90347)
Common Vulnerability Exposure (CVE) ID: CVE-2013-5907
BugTraq ID: 64894
RedHat Security Advisories: RHSA-2014:0136
Common Vulnerability Exposure (CVE) ID: CVE-2013-5910
BugTraq ID: 64933
XForce ISS Database: oracle-cpujan2014-cve20135910(90352)
Common Vulnerability Exposure (CVE) ID: CVE-2014-0368
BugTraq ID: 64930
Common Vulnerability Exposure (CVE) ID: CVE-2014-0373
BugTraq ID: 64922
Common Vulnerability Exposure (CVE) ID: CVE-2014-0376
BugTraq ID: 64907
XForce ISS Database: oracle-cpujan2014-cve20140376(90350)
Common Vulnerability Exposure (CVE) ID: CVE-2014-0411
BugTraq ID: 64918
XForce ISS Database: oracle-cpujan2014-cve20140411(90357)
Common Vulnerability Exposure (CVE) ID: CVE-2014-0416
BugTraq ID: 64937
XForce ISS Database: oracle-cpujan2014-cve20140416(90349)
Common Vulnerability Exposure (CVE) ID: CVE-2014-0422
BugTraq ID: 64921
Common Vulnerability Exposure (CVE) ID: CVE-2014-0423
BugTraq ID: 64914
XForce ISS Database: oracle-cpujan2014-cve20140423(90340)
Common Vulnerability Exposure (CVE) ID: CVE-2014-0428
BugTraq ID: 64935
Copyright: Copyright (C) 2014 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.