
Test ID: 1.3.6.1.4.1.25623.1.0.871462
Category: Red Hat Local Security Checks
Title: RedHat Update for java-1.7.0-openjdk RHSA-2015:1920-01
Summary: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization,
and 2D components in OpenJDK. An untrusted Java application or applet could
use these flaws to completely bypass Java sandbox restrictions.
(CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,
CVE-2015-4805, CVE-2015-4844)

Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application using
JAXP to consume an excessive amount of CPU and memory when parsed.
(CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)

It was discovered that the Security component in OpenJDK failed to properly
check if a certificate satisfied all defined constraints. In certain cases,
this could cause a Java application to accept an X.509 certificate which
does not meet requirements of the defined policy. (CVE-2015-4872)

Multiple flaws were found in the Libraries, 2D, CORBA, JAXP, JGSS, and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4806,
CVE-2015-4840, CVE-2015-4882, CVE-2015-4842, CVE-2015-4734, CVE-2015-4903)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-4734
BugTraq ID: 77192
http://www.securityfocus.com/bid/77192
Debian Security Information: DSA-3381
http://www.debian.org/security/2015/dsa-3381
https://security.gentoo.org/glsa/201603-11
https://security.gentoo.org/glsa/201603-14
RedHat Security Advisories: RHSA-2015:1919
http://rhn.redhat.com/errata/RHSA-2015-1919.html
RedHat Security Advisories: RHSA-2015:1920
http://rhn.redhat.com/errata/RHSA-2015-1920.html
RedHat Security Advisories: RHSA-2015:1921
http://rhn.redhat.com/errata/RHSA-2015-1921.html
RedHat Security Advisories: RHSA-2015:1926
http://rhn.redhat.com/errata/RHSA-2015-1926.html
RedHat Security Advisories: RHSA-2015:1927
http://rhn.redhat.com/errata/RHSA-2015-1927.html
RedHat Security Advisories: RHSA-2015:1928
http://rhn.redhat.com/errata/RHSA-2015-1928.html
RedHat Security Advisories: RHSA-2015:2506
http://rhn.redhat.com/errata/RHSA-2015-2506.html
RedHat Security Advisories: RHSA-2015:2507
http://rhn.redhat.com/errata/RHSA-2015-2507.html
RedHat Security Advisories: RHSA-2015:2508
http://rhn.redhat.com/errata/RHSA-2015-2508.html
RedHat Security Advisories: RHSA-2015:2509
http://rhn.redhat.com/errata/RHSA-2015-2509.html
RedHat Security Advisories: RHSA-2016:1430
https://access.redhat.com/errata/RHSA-2016:1430
http://www.securitytracker.com/id/1033884
SuSE Security Announcement: SUSE-SU-2015:1874
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html
SuSE Security Announcement: SUSE-SU-2015:1875
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html
SuSE Security Announcement: SUSE-SU-2015:2166
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
SuSE Security Announcement: SUSE-SU-2015:2168
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
SuSE Security Announcement: SUSE-SU-2015:2182
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:2192
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
SuSE Security Announcement: SUSE-SU-2015:2216
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
SuSE Security Announcement: SUSE-SU-2015:2268
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html
SuSE Security Announcement: SUSE-SU-2016:0113
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
SuSE Security Announcement: openSUSE-SU-2015:1902
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html
SuSE Security Announcement: openSUSE-SU-2015:1905
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html
SuSE Security Announcement: openSUSE-SU-2015:1906
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html
SuSE Security Announcement: openSUSE-SU-2015:1971
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html
SuSE Security Announcement: openSUSE-SU-2016:0270
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
http://www.ubuntu.com/usn/USN-2784-1
http://www.ubuntu.com/usn/USN-2827-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4803
BugTraq ID: 77200
http://www.securityfocus.com/bid/77200
Common Vulnerability Exposure (CVE) ID: CVE-2015-4805
BugTraq ID: 77163
http://www.securityfocus.com/bid/77163
RedHat Security Advisories: RHSA-2015:2518
http://rhn.redhat.com/errata/RHSA-2015-2518.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-4806
BugTraq ID: 77126
http://www.securityfocus.com/bid/77126
Common Vulnerability Exposure (CVE) ID: CVE-2015-4835
BugTraq ID: 77148
http://www.securityfocus.com/bid/77148
Common Vulnerability Exposure (CVE) ID: CVE-2015-4840
BugTraq ID: 77242
http://www.securityfocus.com/bid/77242
Common Vulnerability Exposure (CVE) ID: CVE-2015-4842
BugTraq ID: 77154
http://www.securityfocus.com/bid/77154
Common Vulnerability Exposure (CVE) ID: CVE-2015-4843
BugTraq ID: 77160
http://www.securityfocus.com/bid/77160
Common Vulnerability Exposure (CVE) ID: CVE-2015-4844
BugTraq ID: 77164
http://www.securityfocus.com/bid/77164
Common Vulnerability Exposure (CVE) ID: CVE-2015-4860
BugTraq ID: 77162
http://www.securityfocus.com/bid/77162
Common Vulnerability Exposure (CVE) ID: CVE-2015-4872
BugTraq ID: 77211
http://www.securityfocus.com/bid/77211
Common Vulnerability Exposure (CVE) ID: CVE-2015-4881
BugTraq ID: 77159
http://www.securityfocus.com/bid/77159
Common Vulnerability Exposure (CVE) ID: CVE-2015-4882
BugTraq ID: 77181
http://www.securityfocus.com/bid/77181
Common Vulnerability Exposure (CVE) ID: CVE-2015-4883
BugTraq ID: 77161
http://www.securityfocus.com/bid/77161
Common Vulnerability Exposure (CVE) ID: CVE-2015-4893
BugTraq ID: 77207
http://www.securityfocus.com/bid/77207
Common Vulnerability Exposure (CVE) ID: CVE-2015-4903
BugTraq ID: 77194
http://www.securityfocus.com/bid/77194
Common Vulnerability Exposure (CVE) ID: CVE-2015-4911
BugTraq ID: 77209
http://www.securityfocus.com/bid/77209
Copyright: Copyright (C) 2015 Greenbone Networks GmbH
