RHSA-2013:1455Low

Red Hat Security Advisory: Red Hat Network Satellite server IBM Java Runtime security update

Published
October 23, 2013
Last Modified
June 27, 2026

🔗 CVE IDs covered (158)

CVE-2013-0443CVE-2013-2433CVE-2013-2456CVE-2011-3546CVE-2012-1716CVE-2012-5081CVE-2013-2383CVE-2013-2420CVE-2013-2465CVE-2011-0814CVE-2011-3561CVE-2013-2384CVE-2013-2448CVE-2011-3521CVE-2012-3216CVE-2013-1476CVE-2013-1478CVE-2011-0862CVE-2011-3549CVE-2012-0505CVE-2013-0446CVE-2013-2407CVE-2013-2455CVE-2013-2473CVE-2011-0868CVE-2011-3550CVE-2012-5075CVE-2013-0401CVE-2013-0423CVE-2013-2430CVE-2013-2447CVE-2013-2468CVE-2012-0498CVE-2012-0547CVE-2012-1722CVE-2013-0434CVE-2013-0441CVE-2013-2422CVE-2013-2454CVE-2012-1532CVE-2012-5089CVE-2013-0419CVE-2013-1487CVE-2012-0499CVE-2013-0433CVE-2013-0438CVE-2013-0440CVE-2013-2469CVE-2011-0873CVE-2013-2466CVE-2011-3563CVE-2013-0424CVE-2013-2459CVE-2012-1713CVE-2012-5084CVE-2013-2429CVE-2013-2457CVE-2012-5069CVE-2013-0426CVE-2013-1473CVE-2011-5035CVE-2012-4820CVE-2012-5068CVE-2011-0865CVE-2013-0169CVE-2013-1491CVE-2011-0863CVE-2012-0500CVE-2013-0445CVE-2013-2471CVE-2011-0869CVE-2012-1541CVE-2013-0809CVE-2013-1480CVE-2013-1486CVE-2013-1571CVE-2013-2394CVE-2013-2464CVE-2011-3544CVE-2011-3553CVE-2012-1531CVE-2013-2417CVE-2013-2418CVE-2013-2424CVE-2013-2463CVE-2011-0802CVE-2012-5083CVE-2013-1537CVE-2013-1569CVE-2011-0871CVE-2011-3389CVE-2011-3516CVE-2011-3548CVE-2013-0409CVE-2013-1481CVE-2013-3743CVE-2011-3554CVE-2013-0425CVE-2013-2437CVE-2012-1719CVE-2011-0867CVE-2012-3342CVE-2012-4823CVE-2012-5073CVE-2013-0432CVE-2013-2412CVE-2013-2440CVE-2013-0351CVE-2013-0428CVE-2013-1563CVE-2013-2446CVE-2013-2472CVE-2011-3547CVE-2012-3213CVE-2013-2432CVE-2013-2443CVE-2012-0502CVE-2012-0506CVE-2012-1725CVE-2013-0427CVE-2013-1540CVE-2012-3159CVE-2013-1557CVE-2013-2444CVE-2013-2453CVE-2013-2470CVE-2011-3552CVE-2012-1718CVE-2012-5071CVE-2013-0435CVE-2012-0507CVE-2013-2435CVE-2012-1717CVE-2011-3551CVE-2012-0551CVE-2012-1533CVE-2012-4822CVE-2011-3545CVE-2012-0503CVE-2013-0450CVE-2013-2419CVE-2011-3557CVE-2011-3560CVE-2012-0501CVE-2012-3143CVE-2013-0442CVE-2013-2451CVE-2013-2452CVE-2011-3556CVE-2012-0497CVE-2012-5072CVE-2013-1493CVE-2013-1500CVE-2013-2442CVE-2013-2450CVE-2012-1682CVE-2012-1721CVE-2012-5079

📋 Description

CVE-2011-0802 — JDK: unspecified vulnerabilities fixed in 6u26 (Sound) CVE-2011-0814 — JDK: unspecified vulnerabilities fixed in 6u26 (Sound) CVE-2011-0862 — OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519) CVE-2011-0863 — JDK: unspecified vulnerability fixed in 6u26 (Deployment) CVE-2011-0865 — OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658) CVE-2011-0867 — OpenJDK: NetworkInterface information leak (Networking, 7013969) CVE-2011-0868 — OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495) CVE-2011-0869 — OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971) CVE-2011-0871 — OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198) CVE-2011-0873 — JDK: unspecified vulnerability fixed in 6u26 (2D) CVE-2011-3389 — HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) CVE-2011-3516 — JDK: unspecified vulnerability fixed in 6u29 (Deployment) CVE-2011-3521 — OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) CVE-2011-3544 — OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) CVE-2011-3545 — JDK: unspecified vulnerability fixed in 6u29 (Sound) CVE-2011-3546 — JDK: unspecified vulnerability fixed in 6u29 (Deployment) CVE-2011-3547 — OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) CVE-2011-3548 — OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) CVE-2011-3549 — JDK: unspecified vulnerability fixed in 6u29 (Swing) CVE-2011-3550 — JDK: unspecified vulnerability fixed in 6u29 (AWT) CVE-2011-3551 — OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) CVE-2011-3552 — OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) CVE-2011-3553 — OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) CVE-2011-3554 — OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) CVE-2011-3556 — OpenJDK: RMI DGC server remote code execution (RMI, 7077466) CVE-2011-3557 — OpenJDK: RMI registry privileged code execution (RMI, 7083012) CVE-2011-3560 — OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) CVE-2011-3561 — JDK: unspecified vulnerability fixed in 6u29 (Deployment) CVE-2011-3563 — OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) CVE-2011-5035 — GlassFish: hash table collisions CPU usage DoS (oCERT-2011-003) CVE-2012-0497 — OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642) CVE-2012-0498 — JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) CVE-2012-0499 — JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) CVE-2012-0500 — JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment) CVE-2012-0501 — OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) CVE-2012-0502 — OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) CVE-2012-0503 — OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) CVE-2012-0505 — OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) CVE-2012-0506 — OpenJDK: mutable repository identifiers (CORBA, 7110704) CVE-2012-0507 — OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) CVE-2012-0547 — OpenJDK: AWT hardening fixes (AWT, 7163201) CVE-2012-0551 — JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment) CVE-2012-1531 — JDK: unspecified vulnerability (2D) CVE-2012-1532 — JDK: unspecified vulnerability (Deployment) CVE-2012-1533 — JDK: unspecified vulnerability (Deployment) CVE-2012-1541 — JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) CVE-2012-1682 — OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476) CVE-2012-1713 — OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617) CVE-2012-1716 — OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614) CVE-2012-1717 — OpenJDK: insecure temporary file permissions (JRE, 7143606) CVE-2012-1718 — OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872) CVE-2012-1719 — OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851) CVE-2012-1721 — JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment) CVE-2012-1722 — JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment) CVE-2012-1725 — OpenJDK: insufficient invokespecial verification (HotSpot, 7160757) CVE-2012-3143 — JDK: unspecified vulnerability (JMX) CVE-2012-3159 — JDK: unspecified vulnerability (Deployment) CVE-2012-3213 — JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting) CVE-2012-3216 — OpenJDK: java.io.FilePermission information leak (Libraries, 6631398) CVE-2012-3342 — JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) CVE-2012-4820 — JDK: java.lang.reflect.Method invoke() code execution CVE-2012-4822 — JDK: java.lang.class code execution CVE-2012-4823 — JDK: java.lang.ClassLoder defineClass() code execution CVE-2012-5068 — OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535) CVE-2012-5069 — OpenJDK: Executors state handling issues (Concurrency, 7189103) CVE-2012-5071 — OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975) CVE-2012-5072 — OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522) CVE-2012-5073 — OpenJDK: LogManager security bypass (Libraries, 7169884) CVE-2012-5075 — OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888) CVE-2012-5079 — OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919) CVE-2012-5081 — OpenJDK: JSSE denial of service (JSSE, 7186286) CVE-2012-5083 — JDK: unspecified vulnerability (2D) CVE-2012-5084 — OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194) CVE-2012-5089 — OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296) CVE-2013-0169 — SSL/TLS: CBC padding timing attack (lucky-13) CVE-2013-0351 — JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) CVE-2013-0401 — OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305) CVE-2013-0409 — JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX) CVE-2013-0419 — JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) CVE-2013-0423 — JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) CVE-2013-0424 — OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318) CVE-2013-0425 — OpenJDK: logging insufficient access control checks (Libraries, 6664509) CVE-2013-0426 — OpenJDK: logging insufficient access control checks (Libraries, 6664528) CVE-2013-0427 — OpenJDK: invalid threads subject to interrupts (Libraries, 6776941) CVE-2013-0428 — OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29) CVE-2013-0432 — OpenJDK: insufficient clipboard access premission checks (AWT, 7186952) CVE-2013-0433 — OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) CVE-2013-0434 — OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235) CVE-2013-0435 — OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068) CVE-2013-0438 — JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) CVE-2013-0440 — OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393) CVE-2013-0441 — OpenJDK: missing serialization restriction (CORBA, 7201066) CVE-2013-0442 — OpenJDK: insufficient privilege checking issue (AWT, 7192977) CVE-2013-0443 — OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392) CVE-2013-0445 — OpenJDK: insufficient privilege checking issue (AWT, 8001057) CVE-2013-0446 — JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) CVE-2013-0450 — OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537) CVE-2013-0809 — OpenJDK: Specially crafted sample model integer overflow (2D, 8007014) CVE-2013-1473 — JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) CVE-2013-1476 — OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631) CVE-2013-1478 — OpenJDK: image parser insufficient raster parameter checks (2D, 8001972) CVE-2013-1480 — OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325) CVE-2013-1481 — JDK: unspecified vulnerability fixed in 6u39 (Sound) CVE-2013-1486 — OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446) CVE-2013-1487 — JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment) CVE-2013-1491 — JDK: unspecified sanbox bypass (CanSecWest 2013, 2D) CVE-2013-1493 — OpenJDK: CMM malformed raster memory corruption (2D, 8007675) CVE-2013-1500 — OpenJDK: Insecure shared memory permissions (2D, 8001034) CVE-2013-1537 — OpenJDK: remote code loading enabled by default (RMI, 8001040) CVE-2013-1540 — JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) CVE-2013-1557 — OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329) CVE-2013-1563 — JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install) CVE-2013-1569 — ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994) CVE-2013-1571 — OpenJDK: Frame injection in generated HTML (Javadoc, 8012375) CVE-2013-2383 — ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986) CVE-2013-2384 — ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987) CVE-2013-2394 — JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D) CVE-2013-2407 — OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744) CVE-2013-2412 — OpenJDK: JConsole SSL support (Serviceability, 8003703) CVE-2013-2417 — OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724) CVE-2013-2418 — JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) CVE-2013-2419 — ICU: Layout Engine font processing errors (JDK 2D, 8001031) CVE-2013-2420 — OpenJDK: image processing vulnerability (2D, 8007617) CVE-2013-2422 — OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857) CVE-2013-2424 — OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435) CVE-2013-2429 — OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918) CVE-2013-2430 — OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667) CVE-2013-2432 — JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D) CVE-2013-2433 — JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) CVE-2013-2435 — JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) CVE-2013-2437 — JDK: unspecified vulnerability fixed in 7u25 (Deployment) CVE-2013-2440 — JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) CVE-2013-2442 — JDK: unspecified vulnerability fixed in 7u25 (Deployment) CVE-2013-2443 — OpenJDK: AccessControlContext check order issue (Libraries, 8001330) CVE-2013-2444 — OpenJDK: Resource denial of service (AWT, 8001038) CVE-2013-2446 — OpenJDK: output stream access restrictions (CORBA, 8000642) CVE-2013-2447 — OpenJDK: Prevent revealing the local address (Networking, 8001318) CVE-2013-2448 — OpenJDK: Better access restrictions (Sound, 8006328) CVE-2013-2450 — OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638) CVE-2013-2451 — OpenJDK: exclusive port binding (Networking, 7170730) CVE-2013-2452 — OpenJDK: Unique VMIDs (Libraries, 8001033) CVE-2013-2453 — OpenJDK: MBeanServer Introspector package access (JMX, 8008124) CVE-2013-2454 — OpenJDK: SerialJavaObject package restriction (JDBC, 8009554) CVE-2013-2455 — OpenJDK: getEnclosing* checks (Libraries, 8007812) CVE-2013-2456 — OpenJDK: ObjectOutputStream access checks (Serialization, 8008132) CVE-2013-2457 — OpenJDK: Proper class checking (JMX, 8008120) CVE-2013-2459 — OpenJDK: Various AWT integer overflow checks (AWT, 8009071) CVE-2013-2463 — OpenJDK: Incorrect image attribute verification (2D, 8012438) CVE-2013-2464 — JDK: unspecified vulnerability fixed in 7u25 (2D) CVE-2013-2465 — OpenJDK: Incorrect image channel verification (2D, 8012597) CVE-2013-2466 — JDK: unspecified vulnerability fixed in 7u25 (Deployment) CVE-2013-2468 — JDK: unspecified vulnerability fixed in 7u25 (Deployment) CVE-2013-2469 — OpenJDK: Incorrect image layout verification (2D, 8012601) CVE-2013-2470 — OpenJDK: ImagingLib byte lookup processing (2D, 8011243) CVE-2013-2471 — OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248) CVE-2013-2472 — OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253) CVE-2013-2473 — OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257) CVE-2013-3743 — JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT)

🔗 References (160)