
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Update for java-1.8.0-openjdk RHSA-2014:1636-01
Summary: The remote host is missing an update for the 'java-1.8.0-openjdk' package(s) announced via the referenced advisory.

Vulnerability Insight:
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

It was discovered that the Libraries component in OpenJDK failed to
properly handle ZIP archives that contain entries with a NUL byte used in
the file names. An untrusted Java application or applet could use this flaw
to bypass Java sandbox restrictions. (CVE-2014-6562)

Multiple flaws were discovered in the Libraries, 2D, and Hotspot components
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531,
CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK
performed expansion of external parameter entities even when external
entity substitution was disabled. A remote attacker could use this flaw to
perform an XML eXternal Entity (XXE) attack against applications using the
StAX parser to parse untrusted XML documents. (CVE-2014-6517)

It was discovered that the Hotspot component in OpenJDK failed to properly
handle malformed Shared Archive files. A local attacker able to modify a
Shared Archive file used by a virtual machine of a different user could
possibly use this flaw to escalate their privileges. (CVE-2014-6468)

It was discovered that the DatagramSocket implementation in OpenJDK failed
to perform source address checks for packets received on a connected
socket. A remote attacker could use this flaw to have their packets
processed as if they were received from the expected source.

It was discovered that the TLS/SSL implementation in the JSSE component in
OpenJDK failed to properly verify the server identity during the
renegotiation following session resumption, making it possible for
malicious TLS/SSL servers to perform a Triple Handshake attack against
clients using JSSE and client certificate authentication. (CVE-2014-6457)

It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could possibly
allow an attacker to affect the integrity of an encrypted stream handled by
this class. (CVE-2014-6558)

The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product

All users of java-1.8.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java-1.8.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Please install the updated packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-6457
BugTraq ID: 70538
Debian Security Information: DSA-3077
Debian Security Information: DSA-3080
HPdes Security Advisory: HPSBUX03218
HPdes Security Advisory: SSRT101770
RedHat Security Advisories: RHSA-2014:1620
RedHat Security Advisories: RHSA-2014:1633
RedHat Security Advisories: RHSA-2014:1634
RedHat Security Advisories: RHSA-2014:1636
RedHat Security Advisories: RHSA-2014:1657
RedHat Security Advisories: RHSA-2014:1658
RedHat Security Advisories: RHSA-2014:1876
RedHat Security Advisories: RHSA-2014:1877
RedHat Security Advisories: RHSA-2014:1880
RedHat Security Advisories: RHSA-2014:1881
RedHat Security Advisories: RHSA-2014:1882
RedHat Security Advisories: RHSA-2015:0264
SuSE Security Announcement: SUSE-SU-2014:1422
SuSE Security Announcement: SUSE-SU-2014:1526
SuSE Security Announcement: SUSE-SU-2014:1549
SuSE Security Announcement: SUSE-SU-2015:0344
SuSE Security Announcement: SUSE-SU-2015:0345
SuSE Security Announcement: SUSE-SU-2015:0376
SuSE Security Announcement: SUSE-SU-2015:0392
Common Vulnerability Exposure (CVE) ID: CVE-2014-6468
BugTraq ID: 70488
Common Vulnerability Exposure (CVE) ID: CVE-2014-6502
BugTraq ID: 70533
Common Vulnerability Exposure (CVE) ID: CVE-2014-6504
BugTraq ID: 70564
Common Vulnerability Exposure (CVE) ID: CVE-2014-6506
BugTraq ID: 70556
Common Vulnerability Exposure (CVE) ID: CVE-2014-6511
BugTraq ID: 70548
Common Vulnerability Exposure (CVE) ID: CVE-2014-6512
BugTraq ID: 70567
Common Vulnerability Exposure (CVE) ID: CVE-2014-6517
BugTraq ID: 70552
Common Vulnerability Exposure (CVE) ID: CVE-2014-6519
BugTraq ID: 70570
Common Vulnerability Exposure (CVE) ID: CVE-2014-6531
BugTraq ID: 70572
Common Vulnerability Exposure (CVE) ID: CVE-2014-6558
BugTraq ID: 70544
Common Vulnerability Exposure (CVE) ID: CVE-2014-6562
BugTraq ID: 70523
Copyright: Copyright (C) 2014 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.