RHSA-2014:0027: java-1.7.0-openjdk security update

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: January 15, 2014
Added: January 15, 2014
Modified: July 04, 2017

Description

These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.

An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2013-5907)

Multiple improper permission check issues were discovered in the CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0428, CVE-2014-0422, CVE-2013-5893)

Multiple improper permission check issues were discovered in the Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-0373, CVE-2013-5878, CVE-2013-5910, CVE-2013-5896, CVE-2013-5884, CVE-2014-0416, CVE-2014-0376, CVE-2014-0368)

It was discovered that the Beans component did not restrict processing of XML external entities. This flaw could cause a Java application using Beans to leak sensitive information, or affect application availability. (CVE-2014-0423)

It was discovered that the JSSE component could leak timing information during the TLS/SSL handshake. This could possibly lead to disclosure of information about the used encryption keys. (CVE-2014-0411)

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

References

Solution Reference

Java Security Update

Solution

redhat-upgrade-java-1-7-0-openjdk