
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Update for java-1.7.0-openjdk RHSA-2014:0890-01
Summary: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the referenced advisory.

Vulnerability Insight:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)

A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-4223,
CVE-2014-4262, CVE-2014-2483)

Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)

It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)

The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server)

Please install the updated packages.

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-2483
BugTraq ID: 68608
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
Debian Security Information: DSA-2987
HPdes Security Advisory: HPSBUX03091
HPdes Security Advisory: SSRT101667
RedHat Security Advisories: RHSA-2014:0902
Common Vulnerability Exposure (CVE) ID: CVE-2014-2490
BugTraq ID: 68645
Debian Security Information: DSA-2980
Common Vulnerability Exposure (CVE) ID: CVE-2014-4209
BugTraq ID: 68639
HPdes Security Advisory: HPSBUX03092
HPdes Security Advisory: SSRT101668
RedHat Security Advisories: RHSA-2014:0908
RedHat Security Advisories: RHSA-2015:0264
SuSE Security Announcement: SUSE-SU-2015:0344
SuSE Security Announcement: SUSE-SU-2015:0376
SuSE Security Announcement: SUSE-SU-2015:0392
XForce ISS Database: oracle-cpujul2014-cve20144209(94596)
Common Vulnerability Exposure (CVE) ID: CVE-2014-4216
BugTraq ID: 68562
XForce ISS Database: oracle-cpujul2014-cve20144216(94591)
Common Vulnerability Exposure (CVE) ID: CVE-2014-4218
BugTraq ID: 68583
XForce ISS Database: oracle-cpujul2014-cve20144218(94599)
Common Vulnerability Exposure (CVE) ID: CVE-2014-4219
BugTraq ID: 68620
XForce ISS Database: oracle-cpujul2014-cve20144219(94589)
Common Vulnerability Exposure (CVE) ID: CVE-2014-4221
BugTraq ID: 68571
XForce ISS Database: oracle-cpujul2014-cve20144221(94604)
Common Vulnerability Exposure (CVE) ID: CVE-2014-4223
BugTraq ID: 68590
XForce ISS Database: oracle-cpujul2014-cve20144223(94594)
Common Vulnerability Exposure (CVE) ID: CVE-2014-4244
BugTraq ID: 68624
XForce ISS Database: oracle-cpujul2014-cve20144244(94605)
Common Vulnerability Exposure (CVE) ID: CVE-2014-4252
BugTraq ID: 68642
XForce ISS Database: oracle-cpujul2014-cve20144252(94600)
Common Vulnerability Exposure (CVE) ID: CVE-2014-4262
BugTraq ID: 68599
XForce ISS Database: oracle-cpujul2014-cve20144262(94595)
Common Vulnerability Exposure (CVE) ID: CVE-2014-4263
BugTraq ID: 68636
XForce ISS Database: oracle-cpujul2014-cve20144263(94606)
Common Vulnerability Exposure (CVE) ID: CVE-2014-4266
BugTraq ID: 68596
XForce ISS Database: oracle-cpujul2014-cve20144266(94601)
Copyright: Copyright (C) 2014 Greenbone Networks GmbH
