Red Hat Security Advisory: Red Hat Satellite IBM Java Runtime security update
🔗 CVE IDs covered (40)
📋 Description
CVE-2014-3065 — JDK: privilege escalation via shared class cache CVE-2014-3068 — JDK: Java CMS keystore provider potentially allows brute-force private key recovery CVE-2014-3086 — JDK: Privilege escalation issue CVE-2014-3566 — SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack CVE-2014-4209 — OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755) CVE-2014-4218 — OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009) CVE-2014-4219 — OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119) CVE-2014-4227 — JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment) CVE-2014-4244 — OpenJDK: RSA blinding issues (Security, 8031346) CVE-2014-4252 — OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004) CVE-2014-4262 — OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520) CVE-2014-4263 — OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162) CVE-2014-4265 — JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment) CVE-2014-4288 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6457 — OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066) CVE-2014-6458 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6492 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6493 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6502 — OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797) CVE-2014-6503 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6506 — OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564) CVE-2014-6511 — ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540) CVE-2014-6512 — OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509) CVE-2014-6515 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6531 — OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274) CVE-2014-6532 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6558 — OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846) CVE-2014-6585 — ICU: font parsing OOB read (OpenJDK 2D, 8055489) CVE-2014-6587 — OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264) CVE-2014-6591 — ICU: font parsing OOB read (OpenJDK 2D, 8056276) CVE-2014-6593 — OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555) CVE-2014-8891 — JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update CVE-2014-8892 — JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update CVE-2015-0395 — OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125) CVE-2015-0403 — JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) CVE-2015-0406 — JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) CVE-2015-0407 — OpenJDK: directory information leak via file chooser (Swing, 8055304) CVE-2015-0408 — OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309) CVE-2015-0410 — OpenJDK: DER decoder infinite loop (Security, 8059485) CVE-2015-0412 — OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
🔗 References (43)
- selfhttps://access.redhat.com/errata/RHSA-2015:0264
- externalhttps://access.redhat.com/security/updates/classification/#low
- externalhttps://www.ibm.com/developerworks/java/jdk/alerts/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1071210
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1075795
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1119475
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1119476
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1119596
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1119608
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1119611
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1119613
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1119912
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1119913
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1150155
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1150651
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1150669
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1151046
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1151063
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1151517
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1152756
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1152757
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1152759
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1152760
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1152761
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1152763
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1152766
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1152789
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1162554
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1164201
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1183021
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1183023
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1183031
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1183043
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1183044
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1183049
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1183645
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1183646
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1183715
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1184275
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1184277
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1189142
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1189145
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0264.json