Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871260
Category:Red Hat Local Security Checks
Title:RedHat Update for java-1.7.0-openjdk RHSA-2014:1633-01
Summary:The remote host is missing an update for the 'java-1.7.0-openjdk'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'java-1.7.0-openjdk'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the Libraries, 2D, and Hotspot components
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531,
CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK
performed expansion of external parameter entities even when external
entity substitution was disabled. A remote attacker could use this flaw to
perform XML eXternal Entity (XXE) attack against applications using the
StAX parser to parse untrusted XML documents. (CVE-2014-6517)

It was discovered that the DatagramSocket implementation in OpenJDK failed
to perform source address checks for packets received on a connected
socket. A remote attacker could use this flaw to have their packets
processed as if they were received from the expected source.
(CVE-2014-6512)

It was discovered that the TLS/SSL implementation in the JSSE component in
OpenJDK failed to properly verify the server identity during the
renegotiation following session resumption, making it possible for
malicious TLS/SSL servers to perform a Triple Handshake attack against
clients using JSSE and client certificate authentication. (CVE-2014-6457)

It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could possibly
allow an attacker to affect the integrity of an encrypted stream handled by
this class. (CVE-2014-6558)

The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product
Security.

This update also fixes the following bug:

* The TLS/SSL implementation in OpenJDK previously failed to handle
Diffie-Hellman (DH) keys with more than 1024 bits. This caused client
applications using JSSE to fail to establish TLS/SSL connections to servers
using larger DH keys during the connection handshake. This update adds
support for DH keys with size up to 2048 bits. (BZ#1148309)

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server)

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-6457
BugTraq ID: 70538
http://www.securityfocus.com/bid/70538
Debian Security Information: DSA-3077 (Google Search)
http://www.debian.org/security/2014/dsa-3077
Debian Security Information: DSA-3080 (Google Search)
http://www.debian.org/security/2014/dsa-3080
http://security.gentoo.org/glsa/glsa-201502-12.xml
HPdes Security Advisory: HPSBUX03218
http://marc.info/?l=bugtraq&m=141775382904016&w=2
HPdes Security Advisory: SSRT101770
RedHat Security Advisories: RHSA-2014:1620
http://rhn.redhat.com/errata/RHSA-2014-1620.html
RedHat Security Advisories: RHSA-2014:1633
http://rhn.redhat.com/errata/RHSA-2014-1633.html
RedHat Security Advisories: RHSA-2014:1634
http://rhn.redhat.com/errata/RHSA-2014-1634.html
RedHat Security Advisories: RHSA-2014:1636
http://rhn.redhat.com/errata/RHSA-2014-1636.html
RedHat Security Advisories: RHSA-2014:1657
http://rhn.redhat.com/errata/RHSA-2014-1657.html
RedHat Security Advisories: RHSA-2014:1658
http://rhn.redhat.com/errata/RHSA-2014-1658.html
RedHat Security Advisories: RHSA-2014:1876
http://rhn.redhat.com/errata/RHSA-2014-1876.html
RedHat Security Advisories: RHSA-2014:1877
http://rhn.redhat.com/errata/RHSA-2014-1877.html
RedHat Security Advisories: RHSA-2014:1880
http://rhn.redhat.com/errata/RHSA-2014-1880.html
RedHat Security Advisories: RHSA-2014:1881
http://rhn.redhat.com/errata/RHSA-2014-1881.html
RedHat Security Advisories: RHSA-2014:1882
http://rhn.redhat.com/errata/RHSA-2014-1882.html
RedHat Security Advisories: RHSA-2015:0264
http://rhn.redhat.com/errata/RHSA-2015-0264.html
http://secunia.com/advisories/60414
http://secunia.com/advisories/60416
http://secunia.com/advisories/60417
http://secunia.com/advisories/61018
http://secunia.com/advisories/61020
http://secunia.com/advisories/61143
http://secunia.com/advisories/61163
http://secunia.com/advisories/61164
http://secunia.com/advisories/61346
http://secunia.com/advisories/61609
http://secunia.com/advisories/61629
http://secunia.com/advisories/61631
http://secunia.com/advisories/61635
http://secunia.com/advisories/61928
SuSE Security Announcement: SUSE-SU-2014:1422 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00013.html
SuSE Security Announcement: SUSE-SU-2014:1526 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html
SuSE Security Announcement: SUSE-SU-2014:1549 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html
SuSE Security Announcement: SUSE-SU-2015:0344 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
SuSE Security Announcement: SUSE-SU-2015:0345 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html
SuSE Security Announcement: SUSE-SU-2015:0376 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
SuSE Security Announcement: SUSE-SU-2015:0392 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
http://www.ubuntu.com/usn/USN-2386-1
http://www.ubuntu.com/usn/USN-2388-1
http://www.ubuntu.com/usn/USN-2388-2
Common Vulnerability Exposure (CVE) ID: CVE-2014-6502
BugTraq ID: 70533
http://www.securityfocus.com/bid/70533
Common Vulnerability Exposure (CVE) ID: CVE-2014-6504
BugTraq ID: 70564
http://www.securityfocus.com/bid/70564
Common Vulnerability Exposure (CVE) ID: CVE-2014-6506
BugTraq ID: 70556
http://www.securityfocus.com/bid/70556
Common Vulnerability Exposure (CVE) ID: CVE-2014-6511
BugTraq ID: 70548
http://www.securityfocus.com/bid/70548
Common Vulnerability Exposure (CVE) ID: CVE-2014-6512
BugTraq ID: 70567
http://www.securityfocus.com/bid/70567
Common Vulnerability Exposure (CVE) ID: CVE-2014-6517
BugTraq ID: 70552
http://www.securityfocus.com/bid/70552
Common Vulnerability Exposure (CVE) ID: CVE-2014-6519
BugTraq ID: 70570
http://www.securityfocus.com/bid/70570
Common Vulnerability Exposure (CVE) ID: CVE-2014-6531
BugTraq ID: 70572
http://www.securityfocus.com/bid/70572
Common Vulnerability Exposure (CVE) ID: CVE-2014-6558
BugTraq ID: 70544
http://www.securityfocus.com/bid/70544
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.