RHSA-2014:0136High

Red Hat Security Advisory: java-1.5.0-ibm security update

Published
February 4, 2014
Last Modified
June 27, 2026

🔗 CVE IDs covered (11)

📋 Description

CVE-2013-4578 — OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars CVE-2013-5907 — ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034) CVE-2014-0368 — OpenJDK: insufficient Socket checkListen checks (Networking, 8011786) CVE-2014-0373 — OpenJDK: SnmpStatusException handling issues (Serviceability, 7068126) CVE-2014-0376 — OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018) CVE-2014-0411 — OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069) CVE-2014-0416 — OpenJDK: insecure subject principals set handling (JAAS, 8024306) CVE-2014-0417 — JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (2D) CVE-2014-0422 — OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758) CVE-2014-0423 — OpenJDK: XXE issue in decoder (Beans, 8023245) CVE-2014-0428 — OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767)

🔗 References (14)