RHSA-2015:0264Low

Red Hat Security Advisory: Red Hat Satellite IBM Java Runtime security update

Published
February 24, 2015
Last Modified
June 27, 2026

🔗 CVE IDs covered (40)

📋 Description

CVE-2014-3065 — JDK: privilege escalation via shared class cache CVE-2014-3068 — JDK: Java CMS keystore provider potentially allows brute-force private key recovery CVE-2014-3086 — JDK: Privilege escalation issue CVE-2014-3566 — SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack CVE-2014-4209 — OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755) CVE-2014-4218 — OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009) CVE-2014-4219 — OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119) CVE-2014-4227 — JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment) CVE-2014-4244 — OpenJDK: RSA blinding issues (Security, 8031346) CVE-2014-4252 — OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004) CVE-2014-4262 — OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520) CVE-2014-4263 — OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162) CVE-2014-4265 — JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment) CVE-2014-4288 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6457 — OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066) CVE-2014-6458 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6492 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6493 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6502 — OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797) CVE-2014-6503 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6506 — OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564) CVE-2014-6511 — ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540) CVE-2014-6512 — OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509) CVE-2014-6515 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6531 — OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274) CVE-2014-6532 — JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) CVE-2014-6558 — OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846) CVE-2014-6585 — ICU: font parsing OOB read (OpenJDK 2D, 8055489) CVE-2014-6587 — OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264) CVE-2014-6591 — ICU: font parsing OOB read (OpenJDK 2D, 8056276) CVE-2014-6593 — OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555) CVE-2014-8891 — JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update CVE-2014-8892 — JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update CVE-2015-0395 — OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125) CVE-2015-0403 — JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) CVE-2015-0406 — JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) CVE-2015-0407 — OpenJDK: directory information leak via file chooser (Swing, 8055304) CVE-2015-0408 — OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309) CVE-2015-0410 — OpenJDK: DER decoder infinite loop (Security, 8059485) CVE-2015-0412 — OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)

🔗 References (43)