Test ID: 1.3.6.1.4.1.25623.1.0.871117
Category: Red Hat Local Security Checks
Title: RedHat Update for java-1.6.0-openjdk RHSA-2014:0097-01
Summary: The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Java Software Development Kit.

An input validation flaw was discovered in the font layout engine in the 2D
component. A specially crafted font file could trigger a Java Virtual
Machine memory corruption when processed. An untrusted Java application or
applet could possibly use this flaw to bypass Java sandbox restrictions.
(CVE-2013-5907)

Multiple improper permission check issues were discovered in the CORBA and
JNDI components in OpenJDK. An untrusted Java application or applet could
use these flaws to bypass Java sandbox restrictions. (CVE-2014-0428,
CVE-2014-0422)

Multiple improper permission check issues were discovered in the
Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2014-0373, CVE-2013-5878,
CVE-2013-5910, CVE-2013-5896, CVE-2013-5884, CVE-2014-0416, CVE-2014-0376,
CVE-2014-0368)

It was discovered that the Beans component did not restrict processing of
XML external entities. This flaw could cause a Java application using Beans
to leak sensitive information, or affect application availability.
(CVE-2014-0423)

It was discovered that the JSSE component could leak timing information
during the TLS/SSL handshake. This could possibly lead to a disclosure of
information about the used encryption keys. (CVE-2014-0411)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-5878
BugTraq ID: 64758
http://www.securityfocus.com/bid/64758
BugTraq ID: 64927
http://www.securityfocus.com/bid/64927
HPdes Security Advisory: HPSBUX02972
http://marc.info/?l=bugtraq&m=139402697611681&w=2
HPdes Security Advisory: HPSBUX02973
http://marc.info/?l=bugtraq&m=139402749111889&w=2
HPdes Security Advisory: SSRT101454
HPdes Security Advisory: SSRT101455
http://osvdb.org/102005
RedHat Security Advisories: RHSA-2014:0026
http://rhn.redhat.com/errata/RHSA-2014-0026.html
RedHat Security Advisories: RHSA-2014:0027
http://rhn.redhat.com/errata/RHSA-2014-0027.html
RedHat Security Advisories: RHSA-2014:0030
http://rhn.redhat.com/errata/RHSA-2014-0030.html
RedHat Security Advisories: RHSA-2014:0097
http://rhn.redhat.com/errata/RHSA-2014-0097.html
RedHat Security Advisories: RHSA-2014:0134
http://rhn.redhat.com/errata/RHSA-2014-0134.html
RedHat Security Advisories: RHSA-2014:0135
http://rhn.redhat.com/errata/RHSA-2014-0135.html
RedHat Security Advisories: RHSA-2014:0414
https://access.redhat.com/errata/RHSA-2014:0414
http://www.securitytracker.com/id/1029608
http://secunia.com/advisories/56432
http://secunia.com/advisories/56485
http://secunia.com/advisories/56486
http://secunia.com/advisories/56535
SuSE Security Announcement: SUSE-SU-2014:0246
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html
SuSE Security Announcement: SUSE-SU-2014:0266
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html
SuSE Security Announcement: SUSE-SU-2014:0451
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html
SuSE Security Announcement: openSUSE-SU-2014:0174
http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
SuSE Security Announcement: openSUSE-SU-2014:0177
http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
SuSE Security Announcement: openSUSE-SU-2014:0180
http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
http://www.ubuntu.com/usn/USN-2089-1
http://www.ubuntu.com/usn/USN-2124-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-5884
BugTraq ID: 64924
http://www.securityfocus.com/bid/64924
http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/b1548473f261
http://osvdb.org/102016
XForce ISS Database: oracle-cpujan2014-cve20135884(90348)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90348
Common Vulnerability Exposure (CVE) ID: CVE-2013-5896
BugTraq ID: 64926
http://www.securityfocus.com/bid/64926
http://osvdb.org/102015
XForce ISS Database: oracle-cpujan2014-cve20135896(90347)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90347
Common Vulnerability Exposure (CVE) ID: CVE-2013-5907
BugTraq ID: 64894
http://www.securityfocus.com/bid/64894
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/9d29c19f1de1
http://osvdb.org/101995
RedHat Security Advisories: RHSA-2014:0136
http://rhn.redhat.com/errata/RHSA-2014-0136.html
http://secunia.com/advisories/56487
Common Vulnerability Exposure (CVE) ID: CVE-2013-5910
BugTraq ID: 64933
http://www.securityfocus.com/bid/64933
http://osvdb.org/102021
XForce ISS Database: oracle-cpujan2014-cve20135910(90352)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90352
Common Vulnerability Exposure (CVE) ID: CVE-2014-0368
BugTraq ID: 64930
http://www.securityfocus.com/bid/64930
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e6160aedadd5
http://secunia.com/advisories/59235
http://secunia.com/advisories/59339
Common Vulnerability Exposure (CVE) ID: CVE-2014-0373
BugTraq ID: 64922
http://www.securityfocus.com/bid/64922
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/496c51673dec
Common Vulnerability Exposure (CVE) ID: CVE-2014-0376
BugTraq ID: 64907
http://www.securityfocus.com/bid/64907
http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/42be8e6266ab
http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/783ceae9b736
http://osvdb.org/102018
XForce ISS Database: oracle-cpujan2014-cve20140376(90350)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90350
Common Vulnerability Exposure (CVE) ID: CVE-2014-0411
BugTraq ID: 64918
http://www.securityfocus.com/bid/64918
http://osvdb.org/102028
http://secunia.com/advisories/57809
http://secunia.com/advisories/59037
http://secunia.com/advisories/59071
http://secunia.com/advisories/59082
http://secunia.com/advisories/59194
http://secunia.com/advisories/59251
http://secunia.com/advisories/59254
http://secunia.com/advisories/59283
http://secunia.com/advisories/59324
http://secunia.com/advisories/59665
http://secunia.com/advisories/59704
http://secunia.com/advisories/59705
http://secunia.com/advisories/59872
http://secunia.com/advisories/60005
http://secunia.com/advisories/60498
http://secunia.com/advisories/60833
http://secunia.com/advisories/60835
http://secunia.com/advisories/60836
XForce ISS Database: oracle-cpujan2014-cve20140411(90357)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90357
Common Vulnerability Exposure (CVE) ID: CVE-2014-0416
BugTraq ID: 64937
http://www.securityfocus.com/bid/64937
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/abe1cb2d27cb
http://osvdb.org/102017
http://secunia.com/advisories/59307
http://secunia.com/advisories/60568
XForce ISS Database: oracle-cpujan2014-cve20140416(90349)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90349
Common Vulnerability Exposure (CVE) ID: CVE-2014-0422
BugTraq ID: 64921
http://www.securityfocus.com/bid/64921
http://osvdb.org/101997
Common Vulnerability Exposure (CVE) ID: CVE-2014-0423
BugTraq ID: 64914
http://www.securityfocus.com/bid/64914
XForce ISS Database: oracle-cpujan2014-cve20140423(90340)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90340
Common Vulnerability Exposure (CVE) ID: CVE-2014-0428
BugTraq ID: 64935
http://www.securityfocus.com/bid/64935
http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698
http://osvdb.org/101996
Copyright: Copyright (C) 2014 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.