These packages provide the OpenJDK 7 Java Runtime Environment and theOpenJDK 7 Software Development Kit.An input validation flaw was discovered in the font layout engine in the 2Dcomponent. A specially crafted font file could trigger Java Virtual Machinememory corruption when processed. An untrusted Java application or appletcould possibly use this flaw to bypass Java sandbox restrictions.(CVE-2013-5907)Multiple improper permission check issues were discovered in the CORBA,JNDI, and Libraries components in OpenJDK. An untrusted Java application orapplet could use these flaws to bypass Java sandbox restrictions.(CVE-2014-0428, CVE-2014-0422, CVE-2013-5893)Multiple improper permission check issues were discovered in theServiceability, Security, CORBA, JAAS, JAXP, and Networking components inOpenJDK. An untrusted Java application or applet could use these flaws tobypass certain Java sandbox restrictions. (CVE-2014-0373, CVE-2013-5878,CVE-2013-5910, CVE-2013-5896, CVE-2013-5884, CVE-2014-0416, CVE-2014-0376,CVE-2014-0368)It was discovered that the Beans component did not restrict processing ofXML external entities. This flaw could cause a Java application using Beansto leak sensitive information, or affect application availability.(CVE-2014-0423)It was discovered that the JSSE component could leak timing informationduring the TLS/SSL handshake. This could possibly lead to disclosure ofinformation about the used encryption keys. (CVE-2014-0411)All users of java-1.7.0-openjdk are advised to upgrade to these updatedpackages, which resolve these issues. All running instances of OpenJDK Javamust be restarted for the update to take effect.