Rapid7 Vulnerability & Exploit Database

RHSA-2014:1882: java-1.7.0-ibm security update

Back to Search

RHSA-2014:1882: java-1.7.0-ibm security update



IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBMJava Software Development Kit.This update fixes several vulnerabilities in the IBM Java RuntimeEnvironment and the IBM Java Software Development Kit. Detailedvulnerability descriptions are linked from the IBM Security alertspage, listed in the References section. (CVE-2014-3065, CVE-2014-3566,CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476,CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506,CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531,CVE-2014-6532, CVE-2014-6558)The CVE-2014-6512 issue was discovered by Florian Weimer of Red HatProduct Security.Note: With this update, the IBM SDK now disables the SSL 3.0 protocol toaddress the CVE-2014-3566 issue (also known as POODLE). Refer to the IBMarticle linked to in the References section for additional details aboutthis change and instructions on how to re-enable SSL 3.0 support if needed.Note: This is the last update for the java-1.7.0-ibm packages distributedvia the Red Hat Enterprise Linux 6 Supplementary channels. TheRHEA-2014:1619 advisory, released as a part of Red Hat Enterprise Linux6.6, introduced the new java-1.7.1-ibm packages. These packages contain IBMJava SE version 7 Release 1, which adds multiple enhancements over the IBMJava SE version 7 in the java-1.7.0-ibm packages. All java-1.7.0-ibm usersmust migrate to java-1.7.1-ibm packages to continue receiving updates forthe IBM Java SE version 7 via the Red Hat Enterprise Linux 6 Supplementarychannel.All users of java-1.7.0-ibm are advised to upgrade to these updatedpackages, containing the IBM Java SE 7 SR8 release. All running instancesof IBM Java must be restarted for the update to take effect.


  • redhat-upgrade-java-1-7-0-ibm
  • redhat-upgrade-java-1-7-0-ibm-demo
  • redhat-upgrade-java-1-7-0-ibm-devel
  • redhat-upgrade-java-1-7-0-ibm-jdbc
  • redhat-upgrade-java-1-7-0-ibm-plugin
  • redhat-upgrade-java-1-7-0-ibm-src

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center