Test ID: 1.3.6.1.4.1.25623.1.0.871158
Category: Red Hat Local Security Checks
Title: RedHat Update for java-1.6.0-openjdk RHSA-2014:0408-01
Summary: The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'java-1.6.0-openjdk'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)

Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0461)

Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,
CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)

Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)

It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)

It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)

It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)

An insecure temporary file use flaw ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-0429
BugTraq ID: 66856
http://www.securityfocus.com/bid/66856
Debian Security Information: DSA-2912
http://www.debian.org/security/2014/dsa-2912
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://security.gentoo.org/glsa/glsa-201502-12.xml
HPdes Security Advisory: HPSBUX03092
http://marc.info/?l=bugtraq&m=140852974709252&w=2
HPdes Security Advisory: SSRT101668
RedHat Security Advisories: RHSA-2014:0413
https://access.redhat.com/errata/RHSA-2014:0413
RedHat Security Advisories: RHSA-2014:0414
https://access.redhat.com/errata/RHSA-2014:0414
RedHat Security Advisories: RHSA-2014:0675
http://rhn.redhat.com/errata/RHSA-2014-0675.html
RedHat Security Advisories: RHSA-2014:0685
http://rhn.redhat.com/errata/RHSA-2014-0685.html
http://secunia.com/advisories/58415
http://secunia.com/advisories/58974
http://secunia.com/advisories/59058
http://www.ubuntu.com/usn/USN-2187-1
http://www.ubuntu.com/usn/USN-2191-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-0446
BugTraq ID: 66903
http://www.securityfocus.com/bid/66903
HPdes Security Advisory: HPSBUX03091
http://marc.info/?l=bugtraq&m=140852886808946&w=2
HPdes Security Advisory: SSRT101667
Common Vulnerability Exposure (CVE) ID: CVE-2014-0451
BugTraq ID: 66879
http://www.securityfocus.com/bid/66879
Common Vulnerability Exposure (CVE) ID: CVE-2014-0452
BugTraq ID: 66891
http://www.securityfocus.com/bid/66891
Common Vulnerability Exposure (CVE) ID: CVE-2014-0453
BugTraq ID: 66914
http://www.securityfocus.com/bid/66914
http://secunia.com/advisories/59022
http://secunia.com/advisories/59023
http://secunia.com/advisories/59071
http://secunia.com/advisories/59082
http://secunia.com/advisories/59104
http://secunia.com/advisories/59194
http://secunia.com/advisories/59250
http://secunia.com/advisories/59255
http://secunia.com/advisories/59307
http://secunia.com/advisories/59324
http://secunia.com/advisories/59436
http://secunia.com/advisories/59438
http://secunia.com/advisories/59653
http://secunia.com/advisories/59675
http://secunia.com/advisories/59722
http://secunia.com/advisories/59733
http://secunia.com/advisories/60003
http://secunia.com/advisories/60111
http://secunia.com/advisories/60117
http://secunia.com/advisories/60498
http://secunia.com/advisories/60574
http://secunia.com/advisories/60580
http://secunia.com/advisories/61050
http://secunia.com/advisories/61264
Common Vulnerability Exposure (CVE) ID: CVE-2014-0456
BugTraq ID: 66877
http://www.securityfocus.com/bid/66877
Common Vulnerability Exposure (CVE) ID: CVE-2014-0457
BugTraq ID: 66866
http://www.securityfocus.com/bid/66866
Common Vulnerability Exposure (CVE) ID: CVE-2014-0458
BugTraq ID: 66883
http://www.securityfocus.com/bid/66883
Common Vulnerability Exposure (CVE) ID: CVE-2014-0460
BugTraq ID: 66916
http://www.securityfocus.com/bid/66916
http://secunia.com/advisories/59516
http://secunia.com/advisories/59642
http://secunia.com/advisories/59704
http://secunia.com/advisories/59705
http://secunia.com/advisories/59706
Common Vulnerability Exposure (CVE) ID: CVE-2014-0461
BugTraq ID: 66902
http://www.securityfocus.com/bid/66902
Common Vulnerability Exposure (CVE) ID: CVE-2014-1876
BugTraq ID: 65568
http://www.securityfocus.com/bid/65568
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562
https://bugzilla.redhat.com/show_bug.cgi?id=1060907
http://seclists.org/oss-sec/2014/q1/242
http://seclists.org/oss-sec/2014/q1/285
http://osvdb.org/102808
Common Vulnerability Exposure (CVE) ID: CVE-2014-2397
BugTraq ID: 66893
http://www.securityfocus.com/bid/66893
Common Vulnerability Exposure (CVE) ID: CVE-2014-2398
BugTraq ID: 66920
http://www.securityfocus.com/bid/66920
Common Vulnerability Exposure (CVE) ID: CVE-2014-2403
BugTraq ID: 66918
http://www.securityfocus.com/bid/66918
Common Vulnerability Exposure (CVE) ID: CVE-2014-2412
BugTraq ID: 66873
http://www.securityfocus.com/bid/66873
Common Vulnerability Exposure (CVE) ID: CVE-2014-2414
BugTraq ID: 66894
http://www.securityfocus.com/bid/66894
Common Vulnerability Exposure (CVE) ID: CVE-2014-2421
BugTraq ID: 66881
http://www.securityfocus.com/bid/66881
Common Vulnerability Exposure (CVE) ID: CVE-2014-2423
BugTraq ID: 66887
http://www.securityfocus.com/bid/66887
Common Vulnerability Exposure (CVE) ID: CVE-2014-2427
BugTraq ID: 66909
http://www.securityfocus.com/bid/66909
Common Vulnerability Exposure (CVE) ID: CVE-2013-5797
http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html
BugTraq ID: 63095
http://www.securityfocus.com/bid/63095
HPdes Security Advisory: HPSBUX02943
http://marc.info/?l=bugtraq&m=138674031212883&w=2
HPdes Security Advisory: HPSBUX02944
http://marc.info/?l=bugtraq&m=138674073720143&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18956
RedHat Security Advisories: RHSA-2013:1440
http://rhn.redhat.com/errata/RHSA-2013-1440.html
RedHat Security Advisories: RHSA-2013:1447
http://rhn.redhat.com/errata/RHSA-2013-1447.html
RedHat Security Advisories: RHSA-2013:1451
http://rhn.redhat.com/errata/RHSA-2013-1451.html
RedHat Security Advisories: RHSA-2013:1505
http://rhn.redhat.com/errata/RHSA-2013-1505.html
RedHat Security Advisories: RHSA-2013:1507
http://rhn.redhat.com/errata/RHSA-2013-1507.html
RedHat Security Advisories: RHSA-2013:1508
http://rhn.redhat.com/errata/RHSA-2013-1508.html
RedHat Security Advisories: RHSA-2013:1509
http://rhn.redhat.com/errata/RHSA-2013-1509.html
RedHat Security Advisories: RHSA-2013:1793
http://rhn.redhat.com/errata/RHSA-2013-1793.html
SuSE Security Announcement: SUSE-SU-2013:1666
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html
SuSE Security Announcement: SUSE-SU-2013:1677
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
SuSE Security Announcement: openSUSE-SU-2013:1663
http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html
http://www.ubuntu.com/usn/USN-2033-1
http://www.ubuntu.com/usn/USN-2089-1
Copyright: Copyright (C) 2014 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.