RHSA-2014:0414High

Red Hat Security Advisory: java-1.6.0-sun security update

Published
April 17, 2014
Last Modified
June 27, 2026

🔗 CVE IDs covered (127)

CVE-2013-5780CVE-2013-5817CVE-2014-0456CVE-2014-2401CVE-2014-2414CVE-2013-2447CVE-2013-5772CVE-2013-5801CVE-2013-5902CVE-2014-0428CVE-2014-0446CVE-2013-2442CVE-2013-5774CVE-2013-5812CVE-2014-0416CVE-2014-0458CVE-2013-2437CVE-2013-2450CVE-2013-2471CVE-2013-5848CVE-2013-5899CVE-2013-5907CVE-2013-5820CVE-2014-1876CVE-2014-2423CVE-2013-2446CVE-2013-5814CVE-2013-2451CVE-2013-3743CVE-2013-5840CVE-2014-2403CVE-2014-2428CVE-2013-1500CVE-2013-5843CVE-2014-0410CVE-2014-2412CVE-2013-2412CVE-2013-5797CVE-2013-5878CVE-2013-2453CVE-2013-2461CVE-2013-5823CVE-2014-2420CVE-2013-2466CVE-2013-2473CVE-2013-4002CVE-2013-5804CVE-2014-0368CVE-2014-0417CVE-2014-0449CVE-2013-2465CVE-2013-5824CVE-2013-5910CVE-2014-0423CVE-2013-2448CVE-2013-2459CVE-2013-5818CVE-2013-5849CVE-2013-3829CVE-2013-5819CVE-2013-5842CVE-2013-6629CVE-2014-2427CVE-2013-2472CVE-2013-5784CVE-2013-5790CVE-2013-5803CVE-2013-5831CVE-2014-0387CVE-2014-0415CVE-2014-0424CVE-2014-0422CVE-2014-0451CVE-2014-0453CVE-2013-5905CVE-2014-0461CVE-2014-2421CVE-2013-2463CVE-2013-5776CVE-2013-5778CVE-2013-5884CVE-2013-5888CVE-2013-5896CVE-2013-5830CVE-2013-5887CVE-2014-0411CVE-2013-2407CVE-2013-2452CVE-2013-5802CVE-2013-5889CVE-2013-2444CVE-2013-2454CVE-2013-5783CVE-2013-2469CVE-2013-5787CVE-2013-5832CVE-2013-2456CVE-2013-2468CVE-2013-5829CVE-2014-0376CVE-2013-1571CVE-2013-4578CVE-2013-6954CVE-2014-0375CVE-2013-5789CVE-2013-2470CVE-2014-0460CVE-2013-2457CVE-2013-5782CVE-2013-5898CVE-2014-0373CVE-2014-0418CVE-2013-2455CVE-2013-5850CVE-2014-0403CVE-2014-0457CVE-2013-2443CVE-2013-2464CVE-2013-5825CVE-2014-2398CVE-2014-2409CVE-2013-2445CVE-2013-5809CVE-2013-5852CVE-2014-0452CVE-2013-5906CVE-2014-0429

📋 Description

CVE-2013-1500 — OpenJDK: Insecure shared memory permissions (2D, 8001034) CVE-2013-1571 — OpenJDK: Frame injection in generated HTML (Javadoc, 8012375) CVE-2013-2407 — OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744) CVE-2013-2412 — OpenJDK: JConsole SSL support (Serviceability, 8003703) CVE-2013-2437 — JDK: unspecified vulnerability fixed in 7u25 (Deployment) CVE-2013-2442 — JDK: unspecified vulnerability fixed in 7u25 (Deployment) CVE-2013-2443 — OpenJDK: AccessControlContext check order issue (Libraries, 8001330) CVE-2013-2444 — OpenJDK: Resource denial of service (AWT, 8001038) CVE-2013-2445 — OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805) CVE-2013-2446 — OpenJDK: output stream access restrictions (CORBA, 8000642) CVE-2013-2447 — OpenJDK: Prevent revealing the local address (Networking, 8001318) CVE-2013-2448 — OpenJDK: Better access restrictions (Sound, 8006328) CVE-2013-2450 — OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638) CVE-2013-2451 — OpenJDK: exclusive port binding (Networking, 7170730) CVE-2013-2452 — OpenJDK: Unique VMIDs (Libraries, 8001033) CVE-2013-2453 — OpenJDK: MBeanServer Introspector package access (JMX, 8008124) CVE-2013-2454 — OpenJDK: SerialJavaObject package restriction (JDBC, 8009554) CVE-2013-2455 — OpenJDK: getEnclosing* checks (Libraries, 8007812) CVE-2013-2456 — OpenJDK: ObjectOutputStream access checks (Serialization, 8008132) CVE-2013-2457 — OpenJDK: Proper class checking (JMX, 8008120) CVE-2013-2459 — OpenJDK: Various AWT integer overflow checks (AWT, 8009071) CVE-2013-2461 — OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281) CVE-2013-2463 — OpenJDK: Incorrect image attribute verification (2D, 8012438) CVE-2013-2464 — JDK: unspecified vulnerability fixed in 7u25 (2D) CVE-2013-2465 — OpenJDK: Incorrect image channel verification (2D, 8012597) CVE-2013-2466 — JDK: unspecified vulnerability fixed in 7u25 (Deployment) CVE-2013-2468 — JDK: unspecified vulnerability fixed in 7u25 (Deployment) CVE-2013-2469 — OpenJDK: Incorrect image layout verification (2D, 8012601) CVE-2013-2470 — OpenJDK: ImagingLib byte lookup processing (2D, 8011243) CVE-2013-2471 — OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248) CVE-2013-2472 — OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253) CVE-2013-2473 — OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257) CVE-2013-3743 — JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT) CVE-2013-3829 — OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029) CVE-2013-4002 — OpenJDK: XML parsing Denial of Service (JAXP, 8017298) CVE-2013-4578 — OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars CVE-2013-5772 — OpenJDK: insufficient html escaping in jhat (jhat, 8011081) CVE-2013-5774 — OpenJDK: Inet6Address class IPv6 address processing errors (Libraries, 8015743) CVE-2013-5776 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5778 — OpenJDK: image conversion out of bounds read (2D, 8014102) CVE-2013-5780 — OpenJDK: key data leak via toString() methods (Libraries, 8011071) CVE-2013-5782 — OpenJDK: Incorrect awt_getPixelByte/awt_getPixelShort/awt_setPixelByte/awt_setPixelShort image raster checks (2D, 8014093) CVE-2013-5783 — OpenJDK: JTable not properly performing certain access checks (Swing, 8013744) CVE-2013-5784 — OpenJDK: insufficient InterfaceImplementor security checks (Scripting, 8017299) CVE-2013-5787 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5789 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5790 — OpenJDK: insufficient security checks (Beans, 8012071) CVE-2013-5797 — OpenJDK: insufficient escaping of window title string (Javadoc, 8016675) CVE-2013-5801 — JDK: unspecified vulnerability fixed in 7u45 (2D) CVE-2013-5802 — OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425) CVE-2013-5803 — OpenJDK: insufficient checks of KDC replies (JGSS, 8014341) CVE-2013-5804 — OpenJDK: javac does not ignore certain ignorable characters (Javadoc, 8016653) CVE-2013-5809 — OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510) CVE-2013-5812 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5814 — OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157) CVE-2013-5817 — OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739) CVE-2013-5818 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5819 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5820 — OpenJDK: insufficient security checks (JAXWS, 8017505) CVE-2013-5823 — OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290) CVE-2013-5824 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5825 — OpenJDK: XML parsing Denial of Service (JAXP, 8014530) CVE-2013-5829 — OpenJDK: Java2d Disposer security bypass (2D, 8017287) CVE-2013-5830 — OpenJDK: checkPackageAccess missing security check (Libraries, 8017291) CVE-2013-5831 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5832 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5840 — OpenJDK: getDeclaringClass() information leak (Libraries, 8014349) CVE-2013-5842 — OpenJDK: ObjectInputStream/ObjectOutputStream missing checks (Libraries, 8014987) CVE-2013-5843 — JDK: unspecified vulnerability fixed in 7u45 (2D) CVE-2013-5848 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5849 — OpenJDK: insufficient DataFlavor security checks (AWT, 8012277) CVE-2013-5850 — OpenJDK: Missing CORBA security checks (Libraries, 8017196) CVE-2013-5852 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5878 — OpenJDK: null xmlns handling issue (Security, 8025026) CVE-2013-5884 — OpenJDK: insufficient security checks in CORBA stub factories (CORBA, 8026193) CVE-2013-5887 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5888 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5889 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5896 — OpenJDK: com.sun.corba.se. should be restricted package (CORBA, 8025022) CVE-2013-5898 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5899 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5902 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5905 — JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install) CVE-2013-5906 — JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install) CVE-2013-5907 — ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034) CVE-2013-5910 — OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417) CVE-2013-6629 — libjpeg: information leak (read of uninitialized memory) CVE-2013-6954 — libpng: unhandled zero-length PLTE chunk or NULL palette CVE-2014-0368 — OpenJDK: insufficient Socket checkListen checks (Networking, 8011786) CVE-2014-0373 — OpenJDK: SnmpStatusException handling issues (Serviceability, 7068126) CVE-2014-0375 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0376 — OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018) CVE-2014-0387 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0403 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0410 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0411 — OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069) CVE-2014-0415 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0416 — OpenJDK: insecure subject principals set handling (JAAS, 8024306) CVE-2014-0417 — JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (2D) CVE-2014-0418 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0422 — OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758) CVE-2014-0423 — OpenJDK: XXE issue in decoder (Beans, 8023245) CVE-2014-0424 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0428 — OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767) CVE-2014-0429 — OpenJDK: Incorrect mlib/raster image validation (2D, 8027841) CVE-2014-0446 — OpenJDK: Protect logger handlers (Libraries, 8029740) CVE-2014-0449 — JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) CVE-2014-0451 — OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797) CVE-2014-0452 — OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801) CVE-2014-0453 — OpenJDK: RSA unpadding timing issues (Security, 8027766) CVE-2014-0456 — OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858) CVE-2014-0457 — OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394) CVE-2014-0458 — OpenJDK: Activation framework default command map caching (JAX-WS, 8025152) CVE-2014-0460 — OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731) CVE-2014-0461 — OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794) CVE-2014-1876 — OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618) CVE-2014-2398 — OpenJDK: insufficient escaping of window title string (Javadoc, 8026736) CVE-2014-2401 — JDK: unspecified vulnerability fixed in 5.0u75, 6u75, 7u55 and 8u5 (2D) CVE-2014-2403 — OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282) CVE-2014-2409 — JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) CVE-2014-2412 — OpenJDK: AWT thread context handling (AWT, 8025010) CVE-2014-2414 — OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030) CVE-2014-2420 — JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) CVE-2014-2421 — OpenJDK: JPEG decoder input stream handling (2D, 8029854) CVE-2014-2423 — OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188) CVE-2014-2427 — OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) CVE-2014-2428 — JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)

🔗 References (133)