Red Hat Security Advisory: java-1.6.0-sun security update
🔗 CVE IDs covered (127)
📋 Description
CVE-2013-1500 — OpenJDK: Insecure shared memory permissions (2D, 8001034) CVE-2013-1571 — OpenJDK: Frame injection in generated HTML (Javadoc, 8012375) CVE-2013-2407 — OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744) CVE-2013-2412 — OpenJDK: JConsole SSL support (Serviceability, 8003703) CVE-2013-2437 — JDK: unspecified vulnerability fixed in 7u25 (Deployment) CVE-2013-2442 — JDK: unspecified vulnerability fixed in 7u25 (Deployment) CVE-2013-2443 — OpenJDK: AccessControlContext check order issue (Libraries, 8001330) CVE-2013-2444 — OpenJDK: Resource denial of service (AWT, 8001038) CVE-2013-2445 — OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805) CVE-2013-2446 — OpenJDK: output stream access restrictions (CORBA, 8000642) CVE-2013-2447 — OpenJDK: Prevent revealing the local address (Networking, 8001318) CVE-2013-2448 — OpenJDK: Better access restrictions (Sound, 8006328) CVE-2013-2450 — OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638) CVE-2013-2451 — OpenJDK: exclusive port binding (Networking, 7170730) CVE-2013-2452 — OpenJDK: Unique VMIDs (Libraries, 8001033) CVE-2013-2453 — OpenJDK: MBeanServer Introspector package access (JMX, 8008124) CVE-2013-2454 — OpenJDK: SerialJavaObject package restriction (JDBC, 8009554) CVE-2013-2455 — OpenJDK: getEnclosing* checks (Libraries, 8007812) CVE-2013-2456 — OpenJDK: ObjectOutputStream access checks (Serialization, 8008132) CVE-2013-2457 — OpenJDK: Proper class checking (JMX, 8008120) CVE-2013-2459 — OpenJDK: Various AWT integer overflow checks (AWT, 8009071) CVE-2013-2461 — OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281) CVE-2013-2463 — OpenJDK: Incorrect image attribute verification (2D, 8012438) CVE-2013-2464 — JDK: unspecified vulnerability fixed in 7u25 (2D) CVE-2013-2465 — OpenJDK: Incorrect image channel verification (2D, 8012597) CVE-2013-2466 — JDK: unspecified vulnerability fixed in 7u25 (Deployment) CVE-2013-2468 — JDK: unspecified vulnerability fixed in 7u25 (Deployment) CVE-2013-2469 — OpenJDK: Incorrect image layout verification (2D, 8012601) CVE-2013-2470 — OpenJDK: ImagingLib byte lookup processing (2D, 8011243) CVE-2013-2471 — OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248) CVE-2013-2472 — OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253) CVE-2013-2473 — OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257) CVE-2013-3743 — JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT) CVE-2013-3829 — OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029) CVE-2013-4002 — OpenJDK: XML parsing Denial of Service (JAXP, 8017298) CVE-2013-4578 — OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars CVE-2013-5772 — OpenJDK: insufficient html escaping in jhat (jhat, 8011081) CVE-2013-5774 — OpenJDK: Inet6Address class IPv6 address processing errors (Libraries, 8015743) CVE-2013-5776 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5778 — OpenJDK: image conversion out of bounds read (2D, 8014102) CVE-2013-5780 — OpenJDK: key data leak via toString() methods (Libraries, 8011071) CVE-2013-5782 — OpenJDK: Incorrect awt_getPixelByte/awt_getPixelShort/awt_setPixelByte/awt_setPixelShort image raster checks (2D, 8014093) CVE-2013-5783 — OpenJDK: JTable not properly performing certain access checks (Swing, 8013744) CVE-2013-5784 — OpenJDK: insufficient InterfaceImplementor security checks (Scripting, 8017299) CVE-2013-5787 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5789 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5790 — OpenJDK: insufficient security checks (Beans, 8012071) CVE-2013-5797 — OpenJDK: insufficient escaping of window title string (Javadoc, 8016675) CVE-2013-5801 — JDK: unspecified vulnerability fixed in 7u45 (2D) CVE-2013-5802 — OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425) CVE-2013-5803 — OpenJDK: insufficient checks of KDC replies (JGSS, 8014341) CVE-2013-5804 — OpenJDK: javac does not ignore certain ignorable characters (Javadoc, 8016653) CVE-2013-5809 — OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510) CVE-2013-5812 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5814 — OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157) CVE-2013-5817 — OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739) CVE-2013-5818 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5819 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5820 — OpenJDK: insufficient security checks (JAXWS, 8017505) CVE-2013-5823 — OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290) CVE-2013-5824 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5825 — OpenJDK: XML parsing Denial of Service (JAXP, 8014530) CVE-2013-5829 — OpenJDK: Java2d Disposer security bypass (2D, 8017287) CVE-2013-5830 — OpenJDK: checkPackageAccess missing security check (Libraries, 8017291) CVE-2013-5831 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5832 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5840 — OpenJDK: getDeclaringClass() information leak (Libraries, 8014349) CVE-2013-5842 — OpenJDK: ObjectInputStream/ObjectOutputStream missing checks (Libraries, 8014987) CVE-2013-5843 — JDK: unspecified vulnerability fixed in 7u45 (2D) CVE-2013-5848 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5849 — OpenJDK: insufficient DataFlavor security checks (AWT, 8012277) CVE-2013-5850 — OpenJDK: Missing CORBA security checks (Libraries, 8017196) CVE-2013-5852 — JDK: unspecified vulnerability fixed in 7u45 (Deployment) CVE-2013-5878 — OpenJDK: null xmlns handling issue (Security, 8025026) CVE-2013-5884 — OpenJDK: insufficient security checks in CORBA stub factories (CORBA, 8026193) CVE-2013-5887 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5888 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5889 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5896 — OpenJDK: com.sun.corba.se. should be restricted package (CORBA, 8025022) CVE-2013-5898 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5899 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5902 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5905 — JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install) CVE-2013-5906 — JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install) CVE-2013-5907 — ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034) CVE-2013-5910 — OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417) CVE-2013-6629 — libjpeg: information leak (read of uninitialized memory) CVE-2013-6954 — libpng: unhandled zero-length PLTE chunk or NULL palette CVE-2014-0368 — OpenJDK: insufficient Socket checkListen checks (Networking, 8011786) CVE-2014-0373 — OpenJDK: SnmpStatusException handling issues (Serviceability, 7068126) CVE-2014-0375 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0376 — OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018) CVE-2014-0387 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0403 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0410 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0411 — OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069) CVE-2014-0415 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0416 — OpenJDK: insecure subject principals set handling (JAAS, 8024306) CVE-2014-0417 — JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (2D) CVE-2014-0418 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0422 — OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758) CVE-2014-0423 — OpenJDK: XXE issue in decoder (Beans, 8023245) CVE-2014-0424 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0428 — OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767) CVE-2014-0429 — OpenJDK: Incorrect mlib/raster image validation (2D, 8027841) CVE-2014-0446 — OpenJDK: Protect logger handlers (Libraries, 8029740) CVE-2014-0449 — JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) CVE-2014-0451 — OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797) CVE-2014-0452 — OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801) CVE-2014-0453 — OpenJDK: RSA unpadding timing issues (Security, 8027766) CVE-2014-0456 — OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858) CVE-2014-0457 — OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394) CVE-2014-0458 — OpenJDK: Activation framework default command map caching (JAX-WS, 8025152) CVE-2014-0460 — OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731) CVE-2014-0461 — OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794) CVE-2014-1876 — OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618) CVE-2014-2398 — OpenJDK: insufficient escaping of window title string (Javadoc, 8026736) CVE-2014-2401 — JDK: unspecified vulnerability fixed in 5.0u75, 6u75, 7u55 and 8u5 (2D) CVE-2014-2403 — OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282) CVE-2014-2409 — JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) CVE-2014-2412 — OpenJDK: AWT thread context handling (AWT, 8025010) CVE-2014-2414 — OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030) CVE-2014-2420 — JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) CVE-2014-2421 — OpenJDK: JPEG decoder input stream handling (2D, 8029854) CVE-2014-2423 — OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188) CVE-2014-2427 — OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) CVE-2014-2428 — JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
🔗 References (133)
- selfhttps://access.redhat.com/errata/RHSA-2014:0414
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttp://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
- externalhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
- externalhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- externalhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=973474
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975099
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975102
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975107
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975110
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975115
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975118
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975120
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975121
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975124
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975125
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975126
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975127
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975129
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975131
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975132
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975133
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975134
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975137
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975138
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975139
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975140
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975141
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975142
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975144
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975146
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975148
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975757
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975761
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975764
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975767
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975770
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=975773
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1018713
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1018717
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1018720
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1018727
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1018736
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1018750
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1018785
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1018831
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1018972
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1018984
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019108
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019110
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019113
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019115
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019117
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019118
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019123
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019127
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019130
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019131
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019133
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019137
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019139
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019145
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019147
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019176
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019691
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019693
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019697
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019701
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019702
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019705
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019706
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019710
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019712
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019713
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019715
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019716
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019720
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1031734
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1045561
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051519
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051528
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051699
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051823
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051911
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051912
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051923
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1052915
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1052919
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1052942
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053010
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053066
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053266
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053495
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053496
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053499
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053501
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053502
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053504
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053507
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053508
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053509
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053510
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053512
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053513
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053515
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053516
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053517
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053518
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1060907
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1086632
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1086645
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087409
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087411
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087413
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087417
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087426
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087427
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087428
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087430
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087431
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087434
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087436
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087439
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087441
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087442
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087443
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1088025
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1088027
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1088028
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1088030
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1088031
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0414.json