
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Update for java-1.7.0-openjdk RHSA-2014:0675-01
Summary: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the referenced advisory.

Vulnerability Insight:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.

Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0455, CVE-2014-0461)

Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,
CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,
CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)

Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)

It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)

It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)

It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)

An insecure temporary file use flaw was found in the way the unpack200
utility ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
java-1.7.0-openjdk on Red Hat Enterprise Linux Server (v. 7)

Please install the updated packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-0429
BugTraq ID: 66856
Debian Security Information: DSA-2912
HPdes Security Advisory: HPSBUX03092
HPdes Security Advisory: SSRT101668
RedHat Security Advisories: RHSA-2014:0413
RedHat Security Advisories: RHSA-2014:0414
RedHat Security Advisories: RHSA-2014:0675
RedHat Security Advisories: RHSA-2014:0685
Common Vulnerability Exposure (CVE) ID: CVE-2014-0446
BugTraq ID: 66903
HPdes Security Advisory: HPSBUX03091
HPdes Security Advisory: SSRT101667
Common Vulnerability Exposure (CVE) ID: CVE-2014-0451
BugTraq ID: 66879
Common Vulnerability Exposure (CVE) ID: CVE-2014-0452
BugTraq ID: 66891
Common Vulnerability Exposure (CVE) ID: CVE-2014-0453
BugTraq ID: 66914
Common Vulnerability Exposure (CVE) ID: CVE-2014-0454
BugTraq ID: 66905
Common Vulnerability Exposure (CVE) ID: CVE-2014-0455
BugTraq ID: 66899
Common Vulnerability Exposure (CVE) ID: CVE-2014-0456
BugTraq ID: 66877
Common Vulnerability Exposure (CVE) ID: CVE-2014-0457
BugTraq ID: 66866
Common Vulnerability Exposure (CVE) ID: CVE-2014-0458
BugTraq ID: 66883
Common Vulnerability Exposure (CVE) ID: CVE-2014-0459
BugTraq ID: 66910
Common Vulnerability Exposure (CVE) ID: CVE-2014-0460
BugTraq ID: 66916
Common Vulnerability Exposure (CVE) ID: CVE-2014-0461
BugTraq ID: 66902
Common Vulnerability Exposure (CVE) ID: CVE-2014-1876
BugTraq ID: 65568
Common Vulnerability Exposure (CVE) ID: CVE-2014-2397
BugTraq ID: 66893
Common Vulnerability Exposure (CVE) ID: CVE-2014-2398
BugTraq ID: 66920
Common Vulnerability Exposure (CVE) ID: CVE-2014-2402
BugTraq ID: 66898
Common Vulnerability Exposure (CVE) ID: CVE-2014-2403
BugTraq ID: 66918
Common Vulnerability Exposure (CVE) ID: CVE-2014-2412
BugTraq ID: 66873
Common Vulnerability Exposure (CVE) ID: CVE-2014-2413
BugTraq ID: 66917
Common Vulnerability Exposure (CVE) ID: CVE-2014-2414
BugTraq ID: 66894
Common Vulnerability Exposure (CVE) ID: CVE-2014-2421
BugTraq ID: 66881
Common Vulnerability Exposure (CVE) ID: CVE-2014-2423
BugTraq ID: 66887
Common Vulnerability Exposure (CVE) ID: CVE-2014-2427
BugTraq ID: 66909
Common Vulnerability Exposure (CVE) ID: CVE-2013-5797
BugTraq ID: 63095
HPdes Security Advisory: HPSBUX02943
HPdes Security Advisory: HPSBUX02944
RedHat Security Advisories: RHSA-2013:1440
RedHat Security Advisories: RHSA-2013:1447
RedHat Security Advisories: RHSA-2013:1451
RedHat Security Advisories: RHSA-2013:1505
RedHat Security Advisories: RHSA-2013:1507
RedHat Security Advisories: RHSA-2013:1508
RedHat Security Advisories: RHSA-2013:1509
RedHat Security Advisories: RHSA-2013:1793
SuSE Security Announcement: SUSE-SU-2013:1666
SuSE Security Announcement: SUSE-SU-2013:1677
SuSE Security Announcement: openSUSE-SU-2013:1663
Copyright: Copyright (C) 2014 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.