First published: Wed Oct 21 2015
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860, CVE-2015-4805, CVE-2015-4844)

Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)

It was discovered that the Security component in OpenJDK failed to properly check if a certificate satisfied all defined constraints. In certain cases, this could cause a Java application to accept an X.509 certificate which does not meet requirements of the defined policy. (CVE-2015-4872)

Multiple flaws were found in the Libraries, 2D, CORBA, JAXP, JGSS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4806, CVE-2015-4840, CVE-2015-4882, CVE-2015-4842, CVE-2015-4734, CVE-2015-4903)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue.

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <1.7.0-openjdk-1.7.0.91-2.6.2.1.el5_11 | 1.7.0-openjdk-1.7.0.91-2.6.2.1.el5_11 |
| redhat/java | <1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el5_11 | 1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el5_11 |
| redhat/java | <1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el5_11 | 1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el5_11 |
| redhat/java | <1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el5_11 | 1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el5_11 |
| redhat/java | <1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.1.el5_11 | 1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.1.el5_11 |
| redhat/java | <1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el5_11 | 1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el5_11 |
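The advisory's remediation is a version check followed by an upgrade: a host is still exposed while any listed package is older than 1.7.0.91-2.6.2.1.el5_11. The following is an added example, not Red Hat tooling, that checks `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n'` output against the fixed version and release from the table above. It reimplements the segment rules of RPM's `rpmvercmp` (split on non-alphanumerics, compare numeric segments as integers and alphabetic ones lexically, numeric beats alphabetic, the string with segments left over is newer); tilde/caret handling and epochs are omitted, which is an assumption that holds for these package labels. The rpm output below is constructed for the example.

```python
"""Check installed java-1.7.0-openjdk packages against the RHSA-2015:1921 fix.

Added example, not Red Hat's tooling. The comparison mirrors rpmvercmp's
segment rules (assumption: no tilde/caret segments, no epoch in the labels).
"""
import re

# Fixed version and release taken from the advisory table.
FIXED_VERSION = "1.7.0.91"
FIXED_RELEASE = "2.6.2.1.el5_11"

# Package names listed in the advisory.
AFFECTED_NAMES = {
    "java-1.7.0-openjdk",
    "java-1.7.0-openjdk-debuginfo",
    "java-1.7.0-openjdk-demo",
    "java-1.7.0-openjdk-devel",
    "java-1.7.0-openjdk-javadoc",
    "java-1.7.0-openjdk-src",
}

# A label is split into runs of digits or runs of letters; everything else is a separator.
_SEG = re.compile(r"(\d+|[a-zA-Z]+)")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 when label a is older than, equal to or newer than b."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            # Numeric segments compare as integers, so "91" > "9".
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit() != y.isdigit():
            # A numeric segment is considered newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        elif x != y:
            # Both alphabetic: plain lexical order.
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    # Whichever label still has segments left over is newer.
    return -1 if len(sa) < len(sb) else 1


def compare_vr(version, release, fixed_version, fixed_release):
    """Compare (version, release) against the fix; release only breaks version ties."""
    c = rpmvercmp(version, fixed_version)
    return c if c != 0 else rpmvercmp(release, fixed_release)


def find_vulnerable(rpm_output):
    """Parse 'NAME VERSION RELEASE' lines and return labels still below the fix."""
    vulnerable = []
    for line in rpm_output.strip().splitlines():
        name, version, release = line.split()
        if name not in AFFECTED_NAMES:
            continue
        if compare_vr(version, release, FIXED_VERSION, FIXED_RELEASE) < 0:
            vulnerable.append(f"{name}-{version}-{release}")
    return vulnerable


# Constructed sample of `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' ...` output.
SAMPLE_RPM_OUTPUT = """\
java-1.7.0-openjdk 1.7.0.85 2.6.1.3.el5_11
java-1.7.0-openjdk-devel 1.7.0.91 2.6.2.1.el5_11
java-1.7.0-openjdk-demo 1.7.0.91 2.6.2.0.el5_11
bash 3.2 33.el5_11
"""

if __name__ == "__main__":
    for label in find_vulnerable(SAMPLE_RPM_OUTPUT):
        print(f"needs RHSA-2015:1921 update: {label}")
```

Note that the release string matters as much as the version: the demo package in the sample has the right version but an older release and is still reported. Passing the check only means the package on disk is fixed; as the advisory says, every running JVM must also be restarted before the update takes effect.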
RHSA-2015:1921 is rated critical because it covers multiple flaws across OpenJDK components.
To remediate RHSA-2015:1921, upgrade to the fixed version 1.7.0-openjdk-1.7.0.91-2.6.2.1.el5_11 and restart all running OpenJDK instances.
RHSA-2015:1921 affects the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK.
Exploiting the flaws addressed by RHSA-2015:1921 could allow an untrusted Java application to execute arbitrary code on the system.
RHSA-2015:1921 addresses critical security vulnerabilities within the OpenJDK implementation of Java.