rhsa-2013_1447
Vulnerability from csaf_redhat
Published
2013-10-21 17:37
Modified
2024-09-15 22:00
Summary
Red Hat Security Advisory: java-1.7.0-openjdk security update
Notes
Topic
Updated java-1.7.0-openjdk packages that fix various security issues are
now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.
Multiple input checking flaws were found in the 2D component native image
parsing code. A specially crafted image file could trigger a Java Virtual
Machine memory corruption and, possibly, lead to arbitrary code execution
with the privileges of the user running the Java Virtual Machine.
(CVE-2013-5782)
The class loader did not properly check the package access for non-public
proxy classes. A remote attacker could possibly use this flaw to execute
arbitrary code with the privileges of the user running the Java Virtual
Machine. (CVE-2013-5830)
Multiple improper permission check issues were discovered in the 2D, CORBA,
JNDI, and Libraries components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850,
CVE-2013-5838)
Multiple input checking flaws were discovered in the JPEG image reading and
writing code in the 2D component. An untrusted Java application or applet
could use these flaws to corrupt the Java Virtual Machine memory and bypass
Java sandbox restrictions. (CVE-2013-5809)
The FEATURE_SECURE_PROCESSING setting was not properly honored by the
javax.xml.transform package transformers. A remote attacker could use this
flaw to supply a crafted XML that would be processed without the intended
security restrictions. (CVE-2013-5802)
Multiple errors were discovered in the way the JAXP and Security components
processes XML inputs. A remote attacker could create a crafted XML that
would cause a Java application to use an excessive amount of CPU and memory
when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)
Multiple improper permission check issues were discovered in the Libraries,
Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,
CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,
CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)
It was discovered that the 2D component image library did not properly
check bounds when performing image conversions. An untrusted Java
application or applet could use this flaw to disclose portions of the Java
Virtual Machine memory. (CVE-2013-5778)
Multiple input sanitization flaws were discovered in javadoc. When javadoc
documentation was generated from an untrusted Java source code and hosted
on a domain not controlled by the code author, these issues could make it
easier to perform cross-site scripting attacks. (CVE-2013-5804,
CVE-2013-5797)
Various OpenJDK classes that represent cryptographic keys could leak
private key information by including sensitive data in strings returned by
toString() methods. These flaws could possibly lead to an unexpected
exposure of sensitive key data. (CVE-2013-5780)
The Java Heap Analysis Tool (jhat) failed to properly escape all data added
into the HTML pages it generated. Crafted content in the memory of a Java
program analyzed using jhat could possibly be used to conduct cross-site
scripting attacks. (CVE-2013-5772)
The Kerberos implementation in OpenJDK did not properly parse KDC
responses. A malformed packet could cause a Java application using JGSS to
exit. (CVE-2013-5803)
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.7.0-openjdk packages that fix various security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850,\nCVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1447",
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1018713",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018713"
},
{
"category": "external",
"summary": "1018717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018717"
},
{
"category": "external",
"summary": "1018720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018720"
},
{
"category": "external",
"summary": "1018727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018727"
},
{
"category": "external",
"summary": "1018736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018736"
},
{
"category": "external",
"summary": "1018750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018750"
},
{
"category": "external",
"summary": "1018755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018755"
},
{
"category": "external",
"summary": "1018785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018785"
},
{
"category": "external",
"summary": "1018831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018831"
},
{
"category": "external",
"summary": "1018972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018972"
},
{
"category": "external",
"summary": "1018977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018977"
},
{
"category": "external",
"summary": "1018984",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018984"
},
{
"category": "external",
"summary": "1019108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019108"
},
{
"category": "external",
"summary": "1019110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019110"
},
{
"category": "external",
"summary": "1019113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019113"
},
{
"category": "external",
"summary": "1019115",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019115"
},
{
"category": "external",
"summary": "1019117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019117"
},
{
"category": "external",
"summary": "1019118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019118"
},
{
"category": "external",
"summary": "1019123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019123"
},
{
"category": "external",
"summary": "1019127",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019127"
},
{
"category": "external",
"summary": "1019130",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019130"
},
{
"category": "external",
"summary": "1019131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019131"
},
{
"category": "external",
"summary": "1019133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019133"
},
{
"category": "external",
"summary": "1019137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019137"
},
{
"category": "external",
"summary": "1019139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019139"
},
{
"category": "external",
"summary": "1019145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019145"
},
{
"category": "external",
"summary": "1019147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019147"
},
{
"category": "external",
"summary": "1019176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019176"
},
{
"category": "external",
"summary": "1019300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019300"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2013/rhsa-2013_1447.json"
}
],
"title": "Red Hat Security Advisory: java-1.7.0-openjdk security update",
"tracking": {
"current_release_date": "2024-09-15T22:00:45+00:00",
"generator": {
"date": "2024-09-15T22:00:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2013:1447",
"initial_release_date": "2013-10-21T17:37:00+00:00",
"revision_history": [
{
"date": "2013-10-21T17:37:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-10-21T17:42:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-15T22:00:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product": {
"name": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product_id": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-devel@1.7.0.45-2.4.3.1.el5_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product": {
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product_id": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-debuginfo@1.7.0.45-2.4.3.1.el5_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product": {
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product_id": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-javadoc@1.7.0.45-2.4.3.1.el5_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product": {
"name": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product_id": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-src@1.7.0.45-2.4.3.1.el5_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product": {
"name": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product_id": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.45-2.4.3.1.el5_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product": {
"name": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product_id": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-demo@1.7.0.45-2.4.3.1.el5_10?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product": {
"name": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product_id": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-devel@1.7.0.45-2.4.3.1.el5_10?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product": {
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product_id": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-debuginfo@1.7.0.45-2.4.3.1.el5_10?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product": {
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product_id": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-javadoc@1.7.0.45-2.4.3.1.el5_10?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product": {
"name": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product_id": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-src@1.7.0.45-2.4.3.1.el5_10?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product": {
"name": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product_id": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.45-2.4.3.1.el5_10?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product": {
"name": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product_id": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-demo@1.7.0.45-2.4.3.1.el5_10?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"product": {
"name": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"product_id": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.45-2.4.3.1.el5_10?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src"
},
"product_reference": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src"
},
"product_reference": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"relates_to_product_reference": "5Server-5.10.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-3829",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019133"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-3829"
},
{
"category": "external",
"summary": "RHBZ#1019133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019133"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-3829",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-3829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3829"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029)"
},
{
"cve": "CVE-2013-4002",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019176"
}
],
"notes": [
{
"category": "description",
"text": "A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: XML parsing Denial of Service (JAXP, 8017298)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Fuse ESB Enterprise is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/\n\nRed Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Server 4 and 5; Red Hat JBoss Enterprise Web Platform 5; Red Hat JBoss SOA Platform 4 and 5; and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4002"
},
{
"category": "external",
"summary": "RHBZ#1019176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4002"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4002",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4002"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: XML parsing Denial of Service (JAXP, 8017298)"
},
{
"cve": "CVE-2013-5772",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1018717"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient html escaping in jhat (jhat, 8011081)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5772"
},
{
"category": "external",
"summary": "RHBZ#1018717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018717"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5772",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5772"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenJDK: insufficient html escaping in jhat (jhat, 8011081)"
},
{
"cve": "CVE-2013-5774",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019147"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Inet6Address class IPv6 address processing errors (Libraries, 8015743)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5774"
},
{
"category": "external",
"summary": "RHBZ#1019147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5774",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5774"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Inet6Address class IPv6 address processing errors (Libraries, 8015743)"
},
{
"cve": "CVE-2013-5778",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1018984"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: image conversion out of bounds read (2D, 8014102)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5778"
},
{
"category": "external",
"summary": "RHBZ#1018984",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018984"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5778",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5778"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: image conversion out of bounds read (2D, 8014102)"
},
{
"cve": "CVE-2013-5780",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1018785"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: key data leak via toString() methods (Libraries, 8011071)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5780"
},
{
"category": "external",
"summary": "RHBZ#1018785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5780",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5780"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: key data leak via toString() methods (Libraries, 8011071)"
},
{
"cve": "CVE-2013-5782",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019108"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Incorrect awt_getPixelByte/awt_getPixelShort/awt_setPixelByte/awt_setPixelShort image raster checks (2D, 8014093)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5782"
},
{
"category": "external",
"summary": "RHBZ#1019108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5782",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5782"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Incorrect awt_getPixelByte/awt_getPixelShort/awt_setPixelByte/awt_setPixelShort image raster checks (2D, 8014093)"
},
{
"cve": "CVE-2013-5783",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019137"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: JTable not properly performing certain access checks (Swing, 8013744)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5783"
},
{
"category": "external",
"summary": "RHBZ#1019137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5783"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: JTable not properly performing certain access checks (Swing, 8013744)"
},
{
"cve": "CVE-2013-5784",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1018727"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient InterfaceImplementor security checks (Scripting, 8017299)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5784"
},
{
"category": "external",
"summary": "RHBZ#1018727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018727"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5784"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: insufficient InterfaceImplementor security checks (Scripting, 8017299)"
},
{
"cve": "CVE-2013-5790",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1018736"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient security checks (Beans, 8012071)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5790"
},
{
"category": "external",
"summary": "RHBZ#1018736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5790",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5790"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: insufficient security checks (Beans, 8012071)"
},
{
"cve": "CVE-2013-5797",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1018720"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient escaping of window title string (Javadoc, 8016675)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5797"
},
{
"category": "external",
"summary": "RHBZ#1018720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5797",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5797"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenJDK: insufficient escaping of window title string (Javadoc, 8016675)"
},
{
"cve": "CVE-2013-5800",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1018755"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: default keytab path information leak (JGSS, 8022931)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5800"
},
{
"category": "external",
"summary": "RHBZ#1018755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018755"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5800",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5800"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: default keytab path information leak (JGSS, 8022931)"
},
{
"cve": "CVE-2013-5802",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019130"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5802"
},
{
"category": "external",
"summary": "RHBZ#1019130",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019130"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5802",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5802"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425)"
},
{
"cve": "CVE-2013-5803",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1018713"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient checks of KDC replies (JGSS, 8014341)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5803"
},
{
"category": "external",
"summary": "RHBZ#1018713",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018713"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5803",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5803"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5803",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5803"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenJDK: insufficient checks of KDC replies (JGSS, 8014341)"
},
{
"cve": "CVE-2013-5804",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019131"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: javac does not ignore certain ignorable characters (Javadoc, 8016653)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5804"
},
{
"category": "external",
"summary": "RHBZ#1019131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5804",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5804"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5804",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5804"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: javac does not ignore certain ignorable characters (Javadoc, 8016653)"
},
{
"cve": "CVE-2013-5809",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019113"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5829.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5809"
},
{
"category": "external",
"summary": "RHBZ#1019113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019113"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5809",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5809"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510)"
},
{
"cve": "CVE-2013-5814",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019117"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5814"
},
{
"category": "external",
"summary": "RHBZ#1019117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019117"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5814",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5814"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157)"
},
{
"cve": "CVE-2013-5817",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019118"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5817"
},
{
"category": "external",
"summary": "RHBZ#1019118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019118"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5817",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5817"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739)"
},
{
"cve": "CVE-2013-5820",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1018972"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient security checks (JAXWS, 8017505)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5820"
},
{
"category": "external",
"summary": "RHBZ#1018972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5820",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5820"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: insufficient security checks (JAXWS, 8017505)"
},
{
"cve": "CVE-2013-5823",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019145"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5823"
},
{
"category": "external",
"summary": "RHBZ#1019145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5823",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5823"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290)"
},
{
"cve": "CVE-2013-5825",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019139"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: XML parsing Denial of Service (JAXP, 8014530)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5825"
},
{
"category": "external",
"summary": "RHBZ#1019139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019139"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5825",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5825"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: XML parsing Denial of Service (JAXP, 8014530)"
},
{
"cve": "CVE-2013-5829",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019115"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Java2d Disposer security bypass (2D, 8017287)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5829"
},
{
"category": "external",
"summary": "RHBZ#1019115",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019115"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5829",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5829"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Java2d Disposer security bypass (2D, 8017287)"
},
{
"cve": "CVE-2013-5830",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019110"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: checkPackageAccess missing security check (Libraries, 8017291)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5830"
},
{
"category": "external",
"summary": "RHBZ#1019110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5830",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5830"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5830",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5830"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: checkPackageAccess missing security check (Libraries, 8017291)"
},
{
"cve": "CVE-2013-5838",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019300"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Vulnerability in Libraries component (Libraries, 7023639)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5838"
},
{
"category": "external",
"summary": "RHBZ#1019300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019300"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5838",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5838"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5838",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5838"
},
{
"category": "external",
"summary": "http://seclists.org/fulldisclosure/2013/Oct/116",
"url": "http://seclists.org/fulldisclosure/2013/Oct/116"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"category": "external",
"summary": "http://www.security-explorations.com/materials/SE-2012-01-ORACLE-13.pdf",
"url": "http://www.security-explorations.com/materials/SE-2012-01-ORACLE-13.pdf"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Vulnerability in Libraries component (Libraries, 7023639)"
},
{
"cve": "CVE-2013-5840",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1018831"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: getDeclaringClass() information leak (Libraries, 8014349)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5840"
},
{
"category": "external",
"summary": "RHBZ#1018831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5840",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5840"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: getDeclaringClass() information leak (Libraries, 8014349)"
},
{
"cve": "CVE-2013-5842",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019123"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: ObjectInputStream/ObjectOutputStream missing checks (Libraries, 8014987)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5842"
},
{
"category": "external",
"summary": "RHBZ#1019123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019123"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5842",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5842"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5842"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: ObjectInputStream/ObjectOutputStream missing checks (Libraries, 8014987)"
},
{
"cve": "CVE-2013-5849",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1018750"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient DataFlavor security checks (AWT, 8012277)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5849"
},
{
"category": "external",
"summary": "RHBZ#1018750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5849",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5849"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5849",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5849"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: insufficient DataFlavor security checks (AWT, 8012277)"
},
{
"cve": "CVE-2013-5850",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1019127"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Missing CORBA security checks (Libraries, 8017196)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5850"
},
{
"category": "external",
"summary": "RHBZ#1019127",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019127"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5850",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5850"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Missing CORBA security checks (Libraries, 8017196)"
},
{
"cve": "CVE-2013-5851",
"discovery_date": "2013-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1018977"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: XML stream factory finder information leak (JAXP, 8013502)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5851"
},
{
"category": "external",
"summary": "RHBZ#1018977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018977"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5851",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5851"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"release_date": "2013-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1447"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.45-2.4.3.1.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.45-2.4.3.1.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: XML stream factory finder information leak (JAXP, 8013502)"
}
]
}
Loading...