rhsa-2015_0068
Vulnerability from csaf_redhat
Published: 2015-01-20 22:38
Modified: 2024-11-05 18:44
Summary: Red Hat Security Advisory: java-1.7.0-openjdk security update
Notes
Topic
Updated java-1.7.0-openjdk packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

A flaw was found in the way the Hotspot component in OpenJDK verified
bytecode from the class files. An untrusted Java application or applet
could possibly use this flaw to bypass Java sandbox restrictions.
(CVE-2014-6601)

Multiple improper permission check issues were discovered in the JAX-WS
and RMI components in OpenJDK. An untrusted Java application or applet
could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412,
CVE-2015-0408)

A flaw was found in the way the Hotspot garbage collector handled phantom
references. An untrusted Java application or applet could use this flaw to
corrupt the Java Virtual Machine memory and, possibly, execute arbitrary
code, bypassing Java sandbox restrictions. (CVE-2015-0395)

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder
in the Security component in OpenJDK handled negative length values. A
specially crafted, DER-encoded input could cause a Java application to
enter an infinite loop when decoded. (CVE-2015-0410)

A flaw was found in the way the SSL 3.0 protocol handled padding bytes when
decrypting messages that were encrypted using block ciphers in cipher block
chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle
(MITM) attacker to decrypt portions of the cipher text using a padding
oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue.
The jdk.tls.disabledAlgorithms security property can be used to re-enable
SSL 3.0 support if needed. For additional information, refer to the Red Hat
Bugzilla bug linked to in the References section.

It was discovered that the SSL/TLS implementation in the JSSE component in
OpenJDK failed to properly check whether the ChangeCipherSpec was received
during the SSL/TLS connection handshake. An MITM attacker could possibly
use this flaw to force a connection to be established without encryption
being enabled. (CVE-2014-6593)

An information leak flaw was found in the Swing component in OpenJDK. An
untrusted Java application or applet could use this flaw to bypass certain
Java sandbox restrictions. (CVE-2015-0407)

A NULL pointer dereference flaw was found in the MulticastSocket
implementation in the Libraries component of OpenJDK. An untrusted Java
application or applet could possibly use this flaw to bypass certain Java
sandbox restrictions. (CVE-2014-6587)

Multiple boundary check flaws were found in the font parsing code in the 2D
component in OpenJDK. A specially crafted font file could allow an
untrusted Java application or applet to disclose portions of the Java
Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591)

Multiple insecure temporary file use issues were found in the way the
Hotspot component in OpenJDK created performance statistics and error log
files. A local attacker could possibly make a victim using OpenJDK
overwrite arbitrary files using a symlink attack. (CVE-2015-0383)

The CVE-2015-0383 issue was discovered by Red Hat.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.7.0-openjdk packages that fix multiple security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nA flaw was found in the way the Hotspot component in OpenJDK verified\nbytecode from the class files. An untrusted Java application or applet\ncould possibly use this flaw to bypass Java sandbox restrictions.\n(CVE-2014-6601)\n\nMultiple improper permission check issues were discovered in the JAX-WS,\nand RMI components in OpenJDK. An untrusted Java application or applet\ncould use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412,\nCVE-2015-0408)\n\nA flaw was found in the way the Hotspot garbage collector handled phantom\nreferences. An untrusted Java application or applet could use this flaw to\ncorrupt the Java Virtual Machine memory and, possibly, execute arbitrary\ncode, bypassing Java sandbox restrictions. (CVE-2015-0395)\n\nA flaw was found in the way the DER (Distinguished Encoding Rules) decoder\nin the Security component in OpenJDK handled negative length values. A\nspecially crafted, DER-encoded input could cause a Java application to\nenter an infinite loop when decoded. 
(CVE-2015-0410)\n\nA flaw was found in the way the SSL 3.0 protocol handled padding bytes when\ndecrypting messages that were encrypted using block ciphers in cipher block\nchaining (CBC) mode. This flaw could possibly allow a man-in-the-middle\n(MITM) attacker to decrypt portions of the cipher text using a padding\noracle attack. (CVE-2014-3566)\n\nNote: This update disables SSL 3.0 by default to address this issue.\nThe jdk.tls.disabledAlgorithms security property can be used to re-enable\nSSL 3.0 support if needed. For additional information, refer to the Red Hat\nBugzilla bug linked to in the References section.\n\nIt was discovered that the SSL/TLS implementation in the JSSE component in\nOpenJDK failed to properly check whether the ChangeCipherSpec was received\nduring the SSL/TLS connection handshake. An MITM attacker could possibly\nuse this flaw to force a connection to be established without encryption\nbeing enabled. (CVE-2014-6593)\n\nAn information leak flaw was found in the Swing component in OpenJDK. An\nuntrusted Java application or applet could use this flaw to bypass certain\nJava sandbox restrictions. (CVE-2015-0407)\n\nA NULL pointer dereference flaw was found in the MulticastSocket\nimplementation in the Libraries component of OpenJDK. An untrusted Java\napplication or applet could possibly use this flaw to bypass certain Java\nsandbox restrictions. (CVE-2014-6587)\n\nMultiple boundary check flaws were found in the font parsing code in the 2D\ncomponent in OpenJDK. A specially crafted font file could allow an\nuntrusted Java application or applet to disclose portions of the Java\nVirtual Machine memory. (CVE-2014-6585, CVE-2014-6591)\n\nMultiple insecure temporary file use issues were found in the way the\nHotspot component in OpenJDK created performance statistics and error log\nfiles. A local attacker could possibly make a victim using OpenJDK\noverwrite arbitrary files using a symlink attack. 
(CVE-2015-0383)\n\nThe CVE-2015-0383 issue was discovered by Red Hat.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2015:0068", "url": "https://access.redhat.com/errata/RHSA-2015:0068" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82" }, { "category": "external", "summary": "1123870", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123870" }, { "category": "external", "summary": "1152789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789" }, { "category": "external", "summary": "1183020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183020" }, { "category": "external", "summary": "1183021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183021" }, { "category": "external", "summary": "1183023", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1183023" }, { "category": "external", "summary": "1183031", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183031" }, { "category": "external", "summary": "1183043", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183043" }, { "category": "external", "summary": "1183044", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183044" }, { "category": "external", "summary": "1183049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183049" }, { "category": "external", "summary": "1183645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183645" }, { "category": "external", "summary": "1183646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183646" }, { "category": "external", "summary": "1183715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183715" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0068.json" } ], "title": "Red Hat Security Advisory: java-1.7.0-openjdk security update", "tracking": { "current_release_date": "2024-11-05T18:44:18+00:00", "generator": { "date": "2024-11-05T18:44:18+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2015:0068", "initial_release_date": "2015-01-20T22:38:26+00:00", "revision_history": [ { "date": "2015-01-20T22:38:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2015-01-20T22:38:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:44:18+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 
5 client)", "product_id": "5Client-5.11.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.11.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "product": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "product_id": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-javadoc@1.7.0.75-2.5.4.0.el5_11?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "product": { "name": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "product_id": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.75-2.5.4.0.el5_11?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "product": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "product_id": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-debuginfo@1.7.0.75-2.5.4.0.el5_11?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "product": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "product_id": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/java-1.7.0-openjdk-devel@1.7.0.75-2.5.4.0.el5_11?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "product": { "name": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "product_id": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-src@1.7.0.75-2.5.4.0.el5_11?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "product": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "product_id": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-demo@1.7.0.75-2.5.4.0.el5_11?arch=i386\u0026epoch=1" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product_id": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-javadoc@1.7.0.75-2.5.4.0.el5_11?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product": { "name": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product_id": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.75-2.5.4.0.el5_11?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product_id": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-debuginfo@1.7.0.75-2.5.4.0.el5_11?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product_id": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-devel@1.7.0.75-2.5.4.0.el5_11?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product": { "name": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product_id": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-src@1.7.0.75-2.5.4.0.el5_11?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product_id": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-demo@1.7.0.75-2.5.4.0.el5_11?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "product": { "name": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "product_id": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.75-2.5.4.0.el5_11?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386 as 
a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "relates_to_product_reference": "5Client-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "relates_to_product_reference": "5Client-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "relates_to_product_reference": "5Client-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386" }, "product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "relates_to_product_reference": "5Client-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 
5 client)", "product_id": "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64" }, "product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "relates_to_product_reference": "5Client-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386" }, "product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "relates_to_product_reference": "5Client-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64" }, "product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "relates_to_product_reference": "5Client-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386" }, "product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "relates_to_product_reference": "5Client-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 
5 client)", "product_id": "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64" }, "product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "relates_to_product_reference": "5Client-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386" }, "product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "relates_to_product_reference": "5Client-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64" }, "product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "relates_to_product_reference": "5Client-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386" }, "product_reference": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "relates_to_product_reference": "5Client-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 
5 client)", "product_id": "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" }, "product_reference": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "relates_to_product_reference": "5Client-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "relates_to_product_reference": "5Server-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "relates_to_product_reference": "5Server-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "relates_to_product_reference": "5Server-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386 as a component of Red Hat Enterprise Linux (v. 
5 server)", "product_id": "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386" }, "product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "relates_to_product_reference": "5Server-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64" }, "product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "relates_to_product_reference": "5Server-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386" }, "product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "relates_to_product_reference": "5Server-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64" }, "product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "relates_to_product_reference": "5Server-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386 as a component of Red Hat Enterprise Linux (v. 
5 server)", "product_id": "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386" }, "product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "relates_to_product_reference": "5Server-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64" }, "product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "relates_to_product_reference": "5Server-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386" }, "product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "relates_to_product_reference": "5Server-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64" }, "product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "relates_to_product_reference": "5Server-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386 as a component of Red Hat Enterprise Linux (v. 
5 server)", "product_id": "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386" }, "product_reference": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "relates_to_product_reference": "5Server-5.11.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" }, "product_reference": "java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "relates_to_product_reference": "5Server-5.11.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2014-3566", "cwe": { "id": "CWE-757", "name": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)" }, "discovery_date": "2014-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1152789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. 
This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the version of openssl as shipped with Red Hat Enterprise Linux 5, 6 and 7, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat JBoss Web Server 1 and 2, Red Hat Enterprise Virtualization Hypervisor 6.5, and Red Hat Storage 2.1.\n\nThis issue affects the version of nss as shipped with Red Hat Enterprise Linux 5, 6 and 7.\n\nAdditional information can be found in the Red Hat Knowledgebase article: \nhttps://access.redhat.com/articles/1232123", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-3566" }, { "category": "external", "summary": "RHBZ#1152789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-3566", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3566" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3566", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3566" } ], "release_date": "2014-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-01-20T22:38:26+00:00", "details": "Before applying this update, make sure all 
previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", 
"5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0068" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack" }, { "cve": "CVE-2014-6585", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183645" } ], "notes": [ { "category": "description", "text": "A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. 
A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "ICU: font parsing OOB read (OpenJDK 2D, 8055489)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-6585" }, { "category": "external", "summary": "RHBZ#1183645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183645" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-6585", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6585" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6585", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6585" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-01-20T22:38:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", 
"5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0068" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "ICU: font parsing OOB read (OpenJDK 2D, 8055489)" }, { "cve": "CVE-2014-6587", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183715" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", 
"5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-6587" }, { "category": "external", "summary": "RHBZ#1183715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183715" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-6587", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6587" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6587", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-6587" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-01-20T22:38:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", 
"5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0068" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", 
"5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)" }, { "cve": "CVE-2014-6591", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183646" } ], "notes": [ { "category": "description", "text": "A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. 
A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "ICU: font parsing OOB read (OpenJDK 2D, 8056276)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-6591" }, { "category": "external", "summary": "RHBZ#1183646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183646" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-6591", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6591" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6591", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6591" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-01-20T22:38:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", 
"5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0068" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "ICU: font parsing OOB read (OpenJDK 2D, 8056276)" }, { "cve": "CVE-2014-6593", "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183049" } ], "notes": [ { "category": "description", "text": "It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-6593" }, { "category": "external", "summary": "RHBZ#1183049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-6593", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6593" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-6593", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6593" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-01-20T22:38:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0068" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)" }, { "cve": "CVE-2014-6601", "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183020" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. 
An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-6601" }, { "category": "external", "summary": "RHBZ#1183020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183020" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-6601", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6601" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6601", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6601" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-01-20T22:38:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", 
"5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0068" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)" }, { "acknowledgments": [ { "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2015-0383", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2014-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1123870" } ], "notes": [ { "category": "description", "text": "Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. 
A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0383" }, { "category": "external", "summary": "RHBZ#1123870", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123870" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0383", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0383" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0383", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0383" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-01-20T22:38:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", 
"5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0068" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)" }, { "cve": "CVE-2015-0395", "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183031" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0395" }, { "category": "external", "summary": "RHBZ#1183031", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183031" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0395", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0395" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-0395", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0395" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-01-20T22:38:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0068" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)" }, { "cve": "CVE-2015-0407", "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183043" } ], "notes": [ { "category": "description", "text": "An information leak flaw was found in the Swing component in OpenJDK. 
An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: directory information leak via file chooser (Swing, 8055304)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", 
"5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0407" }, { "category": "external", "summary": "RHBZ#1183043", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183043" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0407", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0407" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-01-20T22:38:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", 
"5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0068" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: directory information leak via file chooser (Swing, 8055304)" }, { "cve": "CVE-2015-0408", "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183023" } ], "notes": [ { "category": "description", "text": "An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0408" }, { "category": "external", "summary": "RHBZ#1183023", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183023" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0408", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0408" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0408", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0408" }, { "category": "external", "summary": 
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-01-20T22:38:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0068" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)" }, { "cve": "CVE-2015-0410", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183044" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. 
A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: DER decoder infinite loop (Security, 8059485)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", 
"5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0410" }, { "category": "external", "summary": "RHBZ#1183044", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183044" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0410", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0410" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0410", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0410" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-01-20T22:38:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", 
"5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0068" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: DER decoder infinite loop (Security, 8059485)" }, { "cve": "CVE-2015-0412", "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183021" } ], "notes": [ { "category": "description", "text": "An improper permission check issue was discovered in the JAX-WS component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0412" }, { "category": "external", "summary": "RHBZ#1183021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183021" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0412", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0412" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0412", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0412" }, { "category": "external", "summary": 
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-01-20T22:38:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0068" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Client-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Client-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64", 
"5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.src", "5Server-5.11.Z:java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-demo-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-devel-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.75-2.5.4.0.el5_11.x86_64", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.i386", "5Server-5.11.Z:java-1.7.0-openjdk-src-1:1.7.0.75-2.5.4.0.el5_11.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)" } ] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.