First published: Wed Jan 15 2014(Updated: )
These packages provide the OpenJDK 7 Java Runtime Environment and the<br>OpenJDK 7 Software Development Kit.<br>An input validation flaw was discovered in the font layout engine in the 2D<br>component. A specially crafted font file could trigger Java Virtual Machine<br>memory corruption when processed. An untrusted Java application or applet<br>could possibly use this flaw to bypass Java sandbox restrictions.<br>(CVE-2013-5907)<br>Multiple improper permission check issues were discovered in the CORBA,<br>JNDI, and Libraries components in OpenJDK. An untrusted Java application or<br>applet could use these flaws to bypass Java sandbox restrictions.<br>(CVE-2014-0428, CVE-2014-0422, CVE-2013-5893)<br>Multiple improper permission check issues were discovered in the<br>Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in<br>OpenJDK. An untrusted Java application or applet could use these flaws to<br>bypass certain Java sandbox restrictions. (CVE-2014-0373, CVE-2013-5878,<br>CVE-2013-5910, CVE-2013-5896, CVE-2013-5884, CVE-2014-0416, CVE-2014-0376,<br>CVE-2014-0368)<br>It was discovered that the Beans component did not restrict processing of<br>XML external entities. This flaw could cause a Java application using Beans<br>to leak sensitive information, or affect application availability.<br>(CVE-2014-0423)<br>It was discovered that the JSSE component could leak timing information<br>during the TLS/SSL handshake. This could possibly lead to disclosure of<br>information about the used encryption keys. (CVE-2014-0411)<br>All users of java-1.7.0-openjdk are advised to upgrade to these updated<br>packages, which resolve these issues. All running instances of OpenJDK Java<br>must be restarted for the update to take effect.<br>
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.7.0-openjdk-1.7.0.51-2.4.4.1.el5_10 | 1.7.0-openjdk-1.7.0.51-2.4.4.1.el5_10 |
redhat/java | <1.7.0-openjdk-1.7.0.51-2.4.4.1.el5_10 | 1.7.0-openjdk-1.7.0.51-2.4.4.1.el5_10 |
redhat/java | <1.7.0-openjdk-debuginfo-1.7.0.51-2.4.4.1.el5_10 | 1.7.0-openjdk-debuginfo-1.7.0.51-2.4.4.1.el5_10 |
redhat/java | <1.7.0-openjdk-demo-1.7.0.51-2.4.4.1.el5_10 | 1.7.0-openjdk-demo-1.7.0.51-2.4.4.1.el5_10 |
redhat/java | <1.7.0-openjdk-devel-1.7.0.51-2.4.4.1.el5_10 | 1.7.0-openjdk-devel-1.7.0.51-2.4.4.1.el5_10 |
redhat/java | <1.7.0-openjdk-javadoc-1.7.0.51-2.4.4.1.el5_10 | 1.7.0-openjdk-javadoc-1.7.0.51-2.4.4.1.el5_10 |
redhat/java | <1.7.0-openjdk-src-1.7.0.51-2.4.4.1.el5_10 | 1.7.0-openjdk-src-1.7.0.51-2.4.4.1.el5_10 |
redhat/java | <1.7.0-openjdk-debuginfo-1.7.0.51-2.4.4.1.el5_10 | 1.7.0-openjdk-debuginfo-1.7.0.51-2.4.4.1.el5_10 |
redhat/java | <1.7.0-openjdk-demo-1.7.0.51-2.4.4.1.el5_10 | 1.7.0-openjdk-demo-1.7.0.51-2.4.4.1.el5_10 |
redhat/java | <1.7.0-openjdk-devel-1.7.0.51-2.4.4.1.el5_10 | 1.7.0-openjdk-devel-1.7.0.51-2.4.4.1.el5_10 |
redhat/java | <1.7.0-openjdk-javadoc-1.7.0.51-2.4.4.1.el5_10 | 1.7.0-openjdk-javadoc-1.7.0.51-2.4.4.1.el5_10 |
redhat/java | <1.7.0-openjdk-src-1.7.0.51-2.4.4.1.el5_10 | 1.7.0-openjdk-src-1.7.0.51-2.4.4.1.el5_10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.