Red Hat Security Advisory: java-1.7.1-ibm security update
🔗 CVE IDs covered (54)
📋 Description
CVE-2013-5878 — OpenJDK: null xmlns handling issue (Security, 8025026) CVE-2013-5884 — OpenJDK: insufficient security checks in CORBA stub factories (CORBA, 8026193) CVE-2013-5887 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5888 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5889 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5896 — OpenJDK: com.sun.corba.se. should be restricted package (CORBA, 8025022) CVE-2013-5898 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5899 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2013-5907 — ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034) CVE-2013-5910 — OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417) CVE-2013-6629 — libjpeg: information leak (read of uninitialized memory) CVE-2013-6954 — libpng: unhandled zero-length PLTE chunk or NULL palette CVE-2014-0368 — OpenJDK: insufficient Socket checkListen checks (Networking, 8011786) CVE-2014-0373 — OpenJDK: SnmpStatusException handling issues (Serviceability, 7068126) CVE-2014-0375 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0376 — OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018) CVE-2014-0387 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0403 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0410 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0411 — OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069) CVE-2014-0415 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0416 — OpenJDK: insecure subject principals set handling (JAAS, 8024306) CVE-2014-0417 — JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (2D) CVE-2014-0422 — OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758) CVE-2014-0423 — OpenJDK: XXE issue in decoder (Beans, 8023245) CVE-2014-0424 — JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) CVE-2014-0428 — OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767) CVE-2014-0429 — OpenJDK: Incorrect mlib/raster image validation (2D, 8027841) CVE-2014-0446 — OpenJDK: Protect logger handlers (Libraries, 8029740) CVE-2014-0448 — JDK: unspecified vulnerability fixed in 7u55 and 8u5 (Deployment) CVE-2014-0449 — JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) CVE-2014-0451 — OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797) CVE-2014-0452 — OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801) CVE-2014-0453 — OpenJDK: RSA unpadding timing issues (Security, 8027766) CVE-2014-0454 — OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745) CVE-2014-0455 — OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844) CVE-2014-0457 — OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394) CVE-2014-0458 — OpenJDK: Activation framework default command map caching (JAX-WS, 8025152) CVE-2014-0459 — lcms: insufficient ICC profile version validation (OpenJDK 2D, 8031335) CVE-2014-0460 — OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731) CVE-2014-0461 — OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794) CVE-2014-0878 — JDK: Vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers CVE-2014-1876 — OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618) CVE-2014-2398 — OpenJDK: insufficient escaping of window title string (Javadoc, 8026736) CVE-2014-2401 — JDK: unspecified vulnerability fixed in 5.0u75, 6u75, 7u55 and 8u5 (2D) CVE-2014-2402 — OpenJDK: Incorrect NIO channel separation (Libraries, 8026716) CVE-2014-2409 — JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) CVE-2014-2412 — OpenJDK: AWT thread context handling (AWT, 8025010) CVE-2014-2414 — OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030) CVE-2014-2420 — JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) CVE-2014-2421 — OpenJDK: JPEG decoder input stream handling (2D, 8029854) CVE-2014-2423 — OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188) CVE-2014-2427 — OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) CVE-2014-2428 — JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
🔗 References (57)
- selfhttps://access.redhat.com/errata/RHSA-2014:0705
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://www.ibm.com/developerworks/java/jdk/alerts/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1031734
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1045561
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051519
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051528
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051699
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051823
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051911
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051912
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051923
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1052915
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1052919
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1052942
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053010
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053066
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053266
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053495
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053496
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053499
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053501
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053502
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053504
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053507
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053508
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053515
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053516
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053517
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053518
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1060907
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1086632
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1086645
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087409
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087411
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087417
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087424
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087426
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087427
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087428
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087430
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087431
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087434
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087436
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087438
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087439
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087440
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087441
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087442
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087444
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1088024
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1088025
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1088027
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1088028
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1088030
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1088031
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0705.json