Red Hat Security Advisory: java-1.7.0-oracle security update
🔗 CVE IDs covered (23)
📋 Description
CVE-2015-2590 — OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401) CVE-2015-2596 — JDK: unspecified vulnerability fixed in 7u85 (Hotspot) CVE-2015-2601 — OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865) CVE-2015-2613 — JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833) CVE-2015-2619 — JDK: unspecified vulnerability fixed in 7u85 and 8u51 (2D) CVE-2015-2621 — OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853) CVE-2015-2625 — OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694) CVE-2015-2627 — JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Install) CVE-2015-2628 — OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376) CVE-2015-2632 — ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520) CVE-2015-2637 — JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D) CVE-2015-2638 — JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D) CVE-2015-2664 — JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment) CVE-2015-2808 — SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher CVE-2015-4000 — LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks CVE-2015-4729 — JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment) CVE-2015-4731 — OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397) CVE-2015-4732 — OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405) CVE-2015-4733 — OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409) CVE-2015-4736 — JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment) CVE-2015-4748 — OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374) CVE-2015-4749 — OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378) CVE-2015-4760 — ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
🔗 References (29)
- selfhttps://access.redhat.com/errata/RHSA-2015:1242
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1207101
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1223211
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1241965
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1242019
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1242232
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1242234
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1242240
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1242275
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1242281
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1242372
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1242379
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1242394
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1242447
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1242456
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1243139
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1243283
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1243284
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1243286
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1243287
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1243288
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1243290
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1243291
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1243300
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1242.json