rhsa-2014_0407
Vulnerability from csaf_redhat
Published
2014-04-16 11:23
Modified
2024-11-14 14:26
Summary
Red Hat Security Advisory: java-1.7.0-openjdk security update
Notes
Topic
Updated java-1.7.0-openjdk packages that fix various security issues are
now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)
Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0455, CVE-2014-0461)
Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,
CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,
CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)
Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)
It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)
It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)
It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)
An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.7.0-openjdk packages that fix various security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine.\n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,\nCVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this flaw to\nperform a symbolic link attack and overwrite arbitrary files with the\nprivileges of the user running unpack200. (CVE-2014-1876)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:0407", "url": "https://access.redhat.com/errata/RHSA-2014:0407" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1060907", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060907" }, { "category": "external", "summary": "1086632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086632" }, { "category": "external", "summary": "1086645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086645" }, { "category": "external", "summary": "1087409", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087409" }, { "category": "external", "summary": "1087411", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087411" }, { "category": "external", "summary": "1087413", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087413" }, { "category": "external", "summary": "1087417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087417" }, { "category": "external", "summary": "1087423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087423" }, { "category": "external", "summary": "1087424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087424" }, { "category": "external", "summary": "1087426", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087426" }, { "category": "external", "summary": "1087427", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087427" }, { "category": "external", "summary": "1087428", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087428" }, { "category": "external", "summary": "1087430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087430" }, { "category": "external", "summary": "1087431", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087431" }, { "category": "external", "summary": "1087434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087434" }, { "category": "external", "summary": "1087436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087436" }, { "category": "external", "summary": "1087438", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087438" }, { "category": "external", "summary": "1087439", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087439" }, { "category": "external", "summary": "1087440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087440" }, { "category": "external", "summary": "1087441", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087441" }, { "category": "external", "summary": "1087442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087442" }, { "category": "external", "summary": "1087443", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087443" }, { "category": "external", "summary": "1087444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087444" }, { "category": "external", "summary": "1087446", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087446" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0407.json" } ], "title": "Red Hat Security Advisory: java-1.7.0-openjdk security update", "tracking": { "current_release_date": "2024-11-14T14:26:59+00:00", "generator": { "date": "2024-11-14T14:26:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2014:0407", "initial_release_date": "2014-04-16T11:23:49+00:00", "revision_history": [ { "date": "2014-04-16T11:23:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2014-04-16T11:23:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T14:26:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "product": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "product_id": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-demo@1.7.0.55-2.4.7.1.el5_10?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "product": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "product_id": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-javadoc@1.7.0.55-2.4.7.1.el5_10?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "product": { "name": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "product_id": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-src@1.7.0.55-2.4.7.1.el5_10?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "product": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "product_id": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-debuginfo@1.7.0.55-2.4.7.1.el5_10?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "product": { "name": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "product_id": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.55-2.4.7.1.el5_10?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "product": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "product_id": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-devel@1.7.0.55-2.4.7.1.el5_10?arch=i386\u0026epoch=1" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product_id": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-demo@1.7.0.55-2.4.7.1.el5_10?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product_id": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-javadoc@1.7.0.55-2.4.7.1.el5_10?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product": { "name": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product_id": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-src@1.7.0.55-2.4.7.1.el5_10?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product_id": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-debuginfo@1.7.0.55-2.4.7.1.el5_10?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product": { "name": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product_id": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.55-2.4.7.1.el5_10?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product_id": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-devel@1.7.0.55-2.4.7.1.el5_10?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "product": { "name": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "product_id": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.55-2.4.7.1.el5_10?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "relates_to_product_reference": "5Client-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "relates_to_product_reference": "5Client-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "relates_to_product_reference": "5Client-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386" }, "product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "relates_to_product_reference": "5Client-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64" }, "product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "relates_to_product_reference": "5Client-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386" }, "product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "relates_to_product_reference": "5Client-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64" }, "product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "relates_to_product_reference": "5Client-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386" }, "product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "relates_to_product_reference": "5Client-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64" }, "product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "relates_to_product_reference": "5Client-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386" }, "product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "relates_to_product_reference": "5Client-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64" }, "product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "relates_to_product_reference": "5Client-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386" }, "product_reference": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "relates_to_product_reference": "5Client-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" }, "product_reference": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "relates_to_product_reference": "5Client-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "relates_to_product_reference": "5Server-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "relates_to_product_reference": "5Server-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "relates_to_product_reference": "5Server-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386" }, "product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "relates_to_product_reference": "5Server-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64" }, "product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "relates_to_product_reference": "5Server-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386" }, "product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "relates_to_product_reference": "5Server-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64" }, "product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "relates_to_product_reference": "5Server-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386" }, "product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "relates_to_product_reference": "5Server-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64" }, "product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "relates_to_product_reference": "5Server-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386" }, "product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "relates_to_product_reference": "5Server-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64" }, "product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "relates_to_product_reference": "5Server-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386" }, "product_reference": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "relates_to_product_reference": "5Server-5.10.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" }, "product_reference": "java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "relates_to_product_reference": "5Server-5.10.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2014-0429", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087409" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0429" }, { "category": "external", "summary": "RHBZ#1087409", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087409" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0429", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0429" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0429", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0429" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)" }, { "cve": "CVE-2014-0446", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087439" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Protect logger handlers (Libraries, 8029740)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0446" }, { "category": "external", "summary": "RHBZ#1087439", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087439" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0446", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0446" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0446", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0446" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: Protect logger handlers (Libraries, 8029740)" }, { "cve": "CVE-2014-0451", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087428" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0451" }, { "category": "external", "summary": "RHBZ#1087428", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087428" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0451", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0451" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0451", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0451" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797)" }, { "cve": "CVE-2014-0452", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0452" }, { "category": "external", "summary": "RHBZ#1087436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0452", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0452" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0452", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0452" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)" }, { "cve": "CVE-2014-0453", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1086645" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: RSA unpadding timing issues (Security, 8027766)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0453" }, { "category": "external", "summary": "RHBZ#1086645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086645" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0453", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0453" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0453", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0453" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: RSA unpadding timing issues (Security, 8027766)" }, { "cve": "CVE-2014-0454", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087440" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0454" }, { "category": "external", "summary": "RHBZ#1087440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087440" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0454", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0454" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0454", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0454" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745)" }, { "cve": "CVE-2014-0455", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087424" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0455" }, { "category": "external", "summary": "RHBZ#1087424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087424" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0455", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0455" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0455", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0455" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844)" }, { "cve": "CVE-2014-0456", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087413" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0456" }, { "category": "external", "summary": "RHBZ#1087413", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087413" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0456", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0456" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0456", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0456" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858)" }, { "cve": "CVE-2014-0457", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087411" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0457" }, { "category": "external", "summary": "RHBZ#1087411", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087411" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0457", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0457" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0457", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0457" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394)" }, { "cve": "CVE-2014-0458", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087430" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0458" }, { "category": "external", "summary": "RHBZ#1087430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087430" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0458", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0458" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0458", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0458" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)" }, { "cve": "CVE-2014-0459", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087444" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "lcms: insufficient ICC profile version validation (OpenJDK 2D, 8031335)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of lcms as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0459" }, { "category": "external", "summary": "RHBZ#1087444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087444" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0459", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0459" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "lcms: insufficient ICC profile version validation (OpenJDK 2D, 8031335)" }, { "cve": "CVE-2014-0460", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087442" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0460" }, { "category": "external", "summary": "RHBZ#1087442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087442" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0460", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0460" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0460", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0460" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)" }, { "cve": "CVE-2014-0461", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087426" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0461" }, { "category": "external", "summary": "RHBZ#1087426", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087426" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0461", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0461" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0461", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0461" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)" }, { "cve": "CVE-2014-1876", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2014-02-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1060907" } ], "notes": [ { "category": "description", "text": "The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-1876" }, { "category": "external", "summary": "RHBZ#1060907", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060907" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-1876", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1876" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-1876", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1876" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-02-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)" }, { "cve": "CVE-2014-2397", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087423" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-2397" }, { "category": "external", "summary": "RHBZ#1087423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-2397", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2397" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2397", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2397" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926)" }, { "acknowledgments": [ { "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-2398", "discovery_date": "2013-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1086632" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-2398" }, { "category": "external", "summary": "RHBZ#1086632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-2398", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2398" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2398", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2398" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)" }, { "cve": "CVE-2014-2402", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087438" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect NIO channel separation (Libraries, 8026716)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-2402" }, { "category": "external", "summary": "RHBZ#1087438", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087438" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-2402", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2402" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2402", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2402" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: Incorrect NIO channel separation (Libraries, 8026716)" }, { "cve": "CVE-2014-2403", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087443" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-2403" }, { "category": "external", "summary": "RHBZ#1087443", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087443" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-2403", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2403" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2403", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2403" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282)" }, { "cve": "CVE-2014-2412", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087427" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: AWT thread context handling (AWT, 8025010)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-2412" }, { "category": "external", "summary": "RHBZ#1087427", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087427" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-2412", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2412" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2412", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2412" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: AWT thread context handling (AWT, 8025010)" }, { "cve": "CVE-2014-2413", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087446" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: method handle call hierachy bypass (Libraries, 8032686)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-2413" }, { "category": "external", "summary": "RHBZ#1087446", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087446" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-2413", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2413" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2413", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2413" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: method handle call hierachy bypass (Libraries, 8032686)" }, { "cve": "CVE-2014-2414", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087431" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-2414" }, { "category": "external", "summary": "RHBZ#1087431", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087431" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-2414", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2414" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2414", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2414" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)" }, { "cve": "CVE-2014-2421", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087417" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: JPEG decoder input stream handling (2D, 8029854)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-2421" }, { "category": "external", "summary": "RHBZ#1087417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087417" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-2421", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2421" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2421", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2421" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: JPEG decoder input stream handling (2D, 8029854)" }, { "cve": "CVE-2014-2423", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087434" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-2423" }, { "category": "external", "summary": "RHBZ#1087434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087434" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-2423", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2423" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2423", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2423" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)" }, { "cve": "CVE-2014-2427", "discovery_date": "2014-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1087441" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-2427" }, { "category": "external", "summary": "RHBZ#1087441", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087441" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-2427", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2427" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2427", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2427" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA" } ], "release_date": "2014-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-16T11:23:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0407" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.src", "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.i386", "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163)" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.