Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871201
Category:Red Hat Local Security Checks
Title:RedHat Update for java-1.7.0-openjdk RHSA-2014:0890-01
Summary:The remote host is missing an update for the 'java-1.7.0-openjdk'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'java-1.7.0-openjdk'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)

A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-4223,
CVE-2014-4262, CVE-2014-2483)

Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)

It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)

The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server)

Solution:
Please Install the Updated Packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-2483
BugTraq ID: 68608
http://www.securityfocus.com/bid/68608
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Debian Security Information: DSA-2987 (Google Search)
http://www.debian.org/security/2014/dsa-2987
http://seclists.org/fulldisclosure/2014/Dec/23
http://security.gentoo.org/glsa/glsa-201502-12.xml
HPdes Security Advisory: HPSBUX03091
http://marc.info/?l=bugtraq&m=140852886808946&w=2
HPdes Security Advisory: SSRT101667
RedHat Security Advisories: RHSA-2014:0902
https://access.redhat.com/errata/RHSA-2014:0902
http://www.securitytracker.com/id/1030577
http://secunia.com/advisories/60485
http://secunia.com/advisories/60812
Common Vulnerability Exposure (CVE) ID: CVE-2014-2490
BugTraq ID: 68645
http://www.securityfocus.com/bid/68645
Debian Security Information: DSA-2980 (Google Search)
http://www.debian.org/security/2014/dsa-2980
http://secunia.com/advisories/60129
Common Vulnerability Exposure (CVE) ID: CVE-2014-4209
BugTraq ID: 68639
http://www.securityfocus.com/bid/68639
HPdes Security Advisory: HPSBUX03092
http://marc.info/?l=bugtraq&m=140852974709252&w=2
HPdes Security Advisory: SSRT101668
RedHat Security Advisories: RHSA-2014:0908
https://access.redhat.com/errata/RHSA-2014:0908
RedHat Security Advisories: RHSA-2015:0264
http://rhn.redhat.com/errata/RHSA-2015-0264.html
http://secunia.com/advisories/59404
http://secunia.com/advisories/59680
http://secunia.com/advisories/59924
http://secunia.com/advisories/59985
http://secunia.com/advisories/59986
http://secunia.com/advisories/59987
http://secunia.com/advisories/60081
http://secunia.com/advisories/60245
http://secunia.com/advisories/60317
http://secunia.com/advisories/60622
http://secunia.com/advisories/60817
http://secunia.com/advisories/61577
http://secunia.com/advisories/61640
SuSE Security Announcement: SUSE-SU-2015:0344 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
SuSE Security Announcement: SUSE-SU-2015:0376 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
SuSE Security Announcement: SUSE-SU-2015:0392 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
XForce ISS Database: oracle-cpujul2014-cve20144209(94596)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94596
Common Vulnerability Exposure (CVE) ID: CVE-2014-4216
BugTraq ID: 68562
http://www.securityfocus.com/bid/68562
XForce ISS Database: oracle-cpujul2014-cve20144216(94591)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94591
Common Vulnerability Exposure (CVE) ID: CVE-2014-4218
BugTraq ID: 68583
http://www.securityfocus.com/bid/68583
XForce ISS Database: oracle-cpujul2014-cve20144218(94599)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94599
Common Vulnerability Exposure (CVE) ID: CVE-2014-4219
BugTraq ID: 68620
http://www.securityfocus.com/bid/68620
XForce ISS Database: oracle-cpujul2014-cve20144219(94589)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94589
Common Vulnerability Exposure (CVE) ID: CVE-2014-4221
BugTraq ID: 68571
http://www.securityfocus.com/bid/68571
XForce ISS Database: oracle-cpujul2014-cve20144221(94604)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94604
Common Vulnerability Exposure (CVE) ID: CVE-2014-4223
BugTraq ID: 68590
http://www.securityfocus.com/bid/68590
XForce ISS Database: oracle-cpujul2014-cve20144223(94594)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94594
Common Vulnerability Exposure (CVE) ID: CVE-2014-4244
BugTraq ID: 68624
http://www.securityfocus.com/bid/68624
http://secunia.com/advisories/58830
http://secunia.com/advisories/59503
http://secunia.com/advisories/60002
http://secunia.com/advisories/60031
http://secunia.com/advisories/60032
http://secunia.com/advisories/60326
http://secunia.com/advisories/60335
http://secunia.com/advisories/60497
http://secunia.com/advisories/60831
http://secunia.com/advisories/60846
http://secunia.com/advisories/60890
http://secunia.com/advisories/61050
http://secunia.com/advisories/61215
http://secunia.com/advisories/61254
http://secunia.com/advisories/61264
http://secunia.com/advisories/61278
http://secunia.com/advisories/61293
http://secunia.com/advisories/61294
http://secunia.com/advisories/61417
http://secunia.com/advisories/61469
http://secunia.com/advisories/61846
http://secunia.com/advisories/62314
XForce ISS Database: oracle-cpujul2014-cve20144244(94605)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94605
Common Vulnerability Exposure (CVE) ID: CVE-2014-4252
BugTraq ID: 68642
http://www.securityfocus.com/bid/68642
XForce ISS Database: oracle-cpujul2014-cve20144252(94600)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94600
Common Vulnerability Exposure (CVE) ID: CVE-2014-4262
BugTraq ID: 68599
http://www.securityfocus.com/bid/68599
XForce ISS Database: oracle-cpujul2014-cve20144262(94595)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94595
Common Vulnerability Exposure (CVE) ID: CVE-2014-4263
BugTraq ID: 68636
http://www.securityfocus.com/bid/68636
http://secunia.com/advisories/60180
http://secunia.com/advisories/60839
http://secunia.com/advisories/62319
XForce ISS Database: oracle-cpujul2014-cve20144263(94606)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94606
Common Vulnerability Exposure (CVE) ID: CVE-2014-4266
BugTraq ID: 68596
http://www.securityfocus.com/bid/68596
XForce ISS Database: oracle-cpujul2014-cve20144266(94601)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94601
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.