What is the severity of RHSA-2014:0097?

The severity of RHSA-2014:0097 is classified as important.

How do I fix RHSA-2014:0097?

To fix RHSA-2014:0097, update to the provided fixed package versions such as 1.6.0-openjdk-1.6.0.0-3.1.13.1.el6_5.

What packages are affected by RHSA-2014:0097?

Affected packages include various OpenJDK 6 packages, such as java, java-devel, and java-javadoc.

What type of vulnerability is described in RHSA-2014:0097?

RHSA-2014:0097 describes an input validation flaw in the font layout engine of OpenJDK 6.

Is this vulnerability related to memory issues in Java applications?

Yes, this vulnerability could potentially lead to memory corruption issues in Java applications when processing specially crafted font files.

Vulnerability/
RHSA-2014:0097

CWE

27/1/2014

RHSA-2014:0097: Important: java-1.6.0-openjdk security update

First published: Mon Jan 27 2014(Updated: )

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2013-5907) Multiple improper permission check issues were discovered in the CORBA and JNDI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0428, CVE-2014-0422) Multiple improper permission check issues were discovered in the Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-0373, CVE-2013-5878, CVE-2013-5910, CVE-2013-5896, CVE-2013-5884, CVE-2014-0416, CVE-2014-0376, CVE-2014-0368) It was discovered that the Beans component did not restrict processing of XML external entities. This flaw could cause a Java application using Beans to leak sensitive information, or affect application availability. (CVE-2014-0423) It was discovered that the JSSE component could leak timing information during the TLS/SSL handshake. This could possibly lead to a disclosure of information about the used encryption keys. (CVE-2014-0411) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2014:0097?
The severity of RHSA-2014:0097 is classified as important.
How do I fix RHSA-2014:0097?
To fix RHSA-2014:0097, update to the provided fixed package versions such as 1.6.0-openjdk-1.6.0.0-3.1.13.1.el6_5.
What packages are affected by RHSA-2014:0097?
Affected packages include various OpenJDK 6 packages, such as java, java-devel, and java-javadoc.
What type of vulnerability is described in RHSA-2014:0097?
RHSA-2014:0097 describes an input validation flaw in the font layout engine of OpenJDK 6.
Is this vulnerability related to memory issues in Java applications?
Yes, this vulnerability could potentially lead to memory corruption issues in Java applications when processing specially crafted font files.

collector/redhat-errata
anchor-id/RHSA-2014:0097
agent/title
agent/weakness
agent/severity
agent/references
agent/tags
agent/type
agent/event
agent/description
agent/remedy
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
package-manager/redhat