rhsa-2014_0890
Vulnerability from csaf_redhat
Published
2014-07-16 05:18
Modified
2024-09-13 09:18
Summary
Red Hat Security Advisory: java-1.7.0-openjdk security update
Notes
Topic
Updated java-1.7.0-openjdk packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)
A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-4223,
CVE-2014-4262, CVE-2014-2483)
Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)
It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)
The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.7.0-openjdk packages that fix multiple security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nIt was discovered that the Hotspot component in OpenJDK did not properly\nverify bytecode from the class files. An untrusted Java application or\napplet could possibly use these flaws to bypass Java sandbox restrictions.\n(CVE-2014-4216, CVE-2014-4219)\n\nA format string flaw was discovered in the Hotspot component event logger\nin OpenJDK. An untrusted Java application or applet could use this flaw to\ncrash the Java Virtual Machine or, potentially, execute arbitrary code with\nthe privileges of the Java Virtual Machine. (CVE-2014-2490)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-4223,\nCVE-2014-4262, CVE-2014-2483)\n\nMultiple flaws were discovered in the JMX, Libraries, Security, and\nServiceability components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)\n\nIt was discovered that the RSA algorithm in the Security component in\nOpenJDK did not sufficiently perform blinding while performing operations\nthat were using private keys. An attacker able to measure timing\ndifferences of those operations could possibly leak information about the\nused keys. (CVE-2014-4244)\n\nThe Diffie-Hellman (DH) key exchange algorithm implementation in the\nSecurity component in OpenJDK failed to validate public DH parameters\nproperly. This could cause OpenJDK to accept and use weak parameters,\nallowing an attacker to recover the negotiated key. (CVE-2014-4263)\n\nThe CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0890",
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1075795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075795"
},
{
"category": "external",
"summary": "1119475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119475"
},
{
"category": "external",
"summary": "1119476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119476"
},
{
"category": "external",
"summary": "1119483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119483"
},
{
"category": "external",
"summary": "1119596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119596"
},
{
"category": "external",
"summary": "1119597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119597"
},
{
"category": "external",
"summary": "1119600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119600"
},
{
"category": "external",
"summary": "1119602",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119602"
},
{
"category": "external",
"summary": "1119608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119608"
},
{
"category": "external",
"summary": "1119611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119611"
},
{
"category": "external",
"summary": "1119613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119613"
},
{
"category": "external",
"summary": "1119615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119615"
},
{
"category": "external",
"summary": "1119626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119626"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2014/rhsa-2014_0890.json"
}
],
"title": "Red Hat Security Advisory: java-1.7.0-openjdk security update",
"tracking": {
"current_release_date": "2024-09-13T09:18:28+00:00",
"generator": {
"date": "2024-09-13T09:18:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2014:0890",
"initial_release_date": "2014-07-16T05:18:44+00:00",
"revision_history": [
{
"date": "2014-07-16T05:18:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-07-16T05:18:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T09:18:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product": {
"name": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product_id": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-demo@1.7.0.65-2.5.1.2.el5_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product": {
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product_id": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-javadoc@1.7.0.65-2.5.1.2.el5_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product": {
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product_id": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-debuginfo@1.7.0.65-2.5.1.2.el5_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product": {
"name": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product_id": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-src@1.7.0.65-2.5.1.2.el5_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product": {
"name": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product_id": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.65-2.5.1.2.el5_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product": {
"name": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product_id": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-devel@1.7.0.65-2.5.1.2.el5_10?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product": {
"name": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product_id": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-demo@1.7.0.65-2.5.1.2.el5_10?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product": {
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product_id": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-javadoc@1.7.0.65-2.5.1.2.el5_10?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product": {
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product_id": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-debuginfo@1.7.0.65-2.5.1.2.el5_10?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product": {
"name": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product_id": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-src@1.7.0.65-2.5.1.2.el5_10?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product": {
"name": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product_id": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.65-2.5.1.2.el5_10?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product": {
"name": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product_id": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk-devel@1.7.0.65-2.5.1.2.el5_10?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"product": {
"name": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"product_id": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.65-2.5.1.2.el5_10?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src"
},
"product_reference": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"relates_to_product_reference": "5Client-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src"
},
"product_reference": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386"
},
"product_reference": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"relates_to_product_reference": "5Server-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
},
"product_reference": "java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"relates_to_product_reference": "5Server-5.10.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-2483",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119626"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor\u0027s claim that the issue is related to improper restriction of the \"use of privileged annotations.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Restrict use of privileged annotations (Libraries, 8034985)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-2483"
},
{
"category": "external",
"summary": "RHBZ#1119626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-2483",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2483"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2483",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2483"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Restrict use of privileged annotations (Libraries, 8034985)"
},
{
"cve": "CVE-2014-2490",
"cwe": {
"id": "CWE-134",
"name": "Use of Externally-Controlled Format String"
},
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119597"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Event logger format string vulnerability (Hotspot, 8037076)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-2490"
},
{
"category": "external",
"summary": "RHBZ#1119597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-2490",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2490"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2490",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2490"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Event logger format string vulnerability (Hotspot, 8037076)"
},
{
"cve": "CVE-2014-4209",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119608"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4209"
},
{
"category": "external",
"summary": "RHBZ#1119608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119608"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4209"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4209",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4209"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)"
},
{
"cve": "CVE-2014-4216",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119600"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Incorrect generic signature attribute parsing (Hotspot, 8037076)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4216"
},
{
"category": "external",
"summary": "RHBZ#1119600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119600"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4216",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4216"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Incorrect generic signature attribute parsing (Hotspot, 8037076)"
},
{
"cve": "CVE-2014-4218",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119611"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4218"
},
{
"category": "external",
"summary": "RHBZ#1119611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119611"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4218",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4218"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)"
},
{
"cve": "CVE-2014-4219",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119596"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4219"
},
{
"category": "external",
"summary": "RHBZ#1119596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4219",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4219"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)"
},
{
"cve": "CVE-2014-4221",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119483"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: MethodHandles.Lookup insufficient modifiers checks (Libraries, 8035788)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4221"
},
{
"category": "external",
"summary": "RHBZ#1119483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119483"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4221",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4221"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: MethodHandles.Lookup insufficient modifiers checks (Libraries, 8035788)"
},
{
"cve": "CVE-2014-4223",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119602"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Incorrect handling of invocations with exhausted ranks (Libraries, 8035793)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4223"
},
{
"category": "external",
"summary": "RHBZ#1119602",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119602"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4223",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4223"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Incorrect handling of invocations with exhausted ranks (Libraries, 8035793)"
},
{
"cve": "CVE-2014-4244",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119475"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: RSA blinding issues (Security, 8031346)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4244"
},
{
"category": "external",
"summary": "RHBZ#1119475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4244"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: RSA blinding issues (Security, 8031346)"
},
{
"cve": "CVE-2014-4252",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119613"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4252"
},
{
"category": "external",
"summary": "RHBZ#1119613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119613"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4252",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4252"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4252",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4252"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-4262",
"discovery_date": "2014-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1075795"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4262"
},
{
"category": "external",
"summary": "RHBZ#1075795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4262",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4262"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4262",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4262"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520)"
},
{
"cve": "CVE-2014-4263",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119476"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to \"Diffie-Hellman key agreement.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4263"
},
{
"category": "external",
"summary": "RHBZ#1119476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4263",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4263"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4263",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4263"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)"
},
{
"cve": "CVE-2014-4266",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119615"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: InfoBuilder incorrect return values (Serviceability, 8033301)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4266"
},
{
"category": "external",
"summary": "RHBZ#1119615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4266",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4266"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4266",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4266"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0890"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Client-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Client-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.src",
"5Server-5.10.Z:java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10.x86_64",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.i386",
"5Server-5.10.Z:java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: InfoBuilder incorrect return values (Serviceability, 8033301)"
}
]
}
Loading...