rhsa-2013_0958
Vulnerability from csaf_redhat
Published
2013-06-20 00:00
Modified
2024-11-14 13:00
Summary
Red Hat Security Advisory: java-1.7.0-openjdk security update
Notes
Topic
Updated java-1.7.0-openjdk packages that fix various security issues are
now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.
Multiple flaws were discovered in the ImagingLib and the image attribute,
channel, layout and raster processing in the 2D component. An untrusted
Java application or applet could possibly use these flaws to trigger Java
Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)
Integer overflow flaws were found in the way AWT processed certain input.
An attacker could use these flaws to execute arbitrary code with the
privileges of the user running an untrusted Java applet or application.
(CVE-2013-2459)
Multiple improper permission check issues were discovered in the Sound,
JDBC, Libraries, JMX, and Serviceability components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass Java
sandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,
CVE-2013-2457, CVE-2013-2453, CVE-2013-2460)
Multiple flaws in the Serialization, Networking, Libraries and CORBA
components can be exploited by an untrusted Java application or applet to
gain access to potentially sensitive information. (CVE-2013-2456,
CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)
It was discovered that the Hotspot component did not properly handle
out-of-memory errors. An untrusted Java application or applet could
possibly use these flaws to terminate the Java Virtual Machine.
(CVE-2013-2445)
It was discovered that the AWT component did not properly manage certain
resources and that the ObjectStreamClass of the Serialization component
did not properly handle circular references. An untrusted Java application
or applet could possibly use these flaws to cause a denial of service.
(CVE-2013-2444, CVE-2013-2450)
It was discovered that the Libraries component contained certain errors
related to XML security and the class loader. A remote attacker could
possibly exploit these flaws to bypass intended security mechanisms or
disclose potentially sensitive information and cause a denial of service.
(CVE-2013-2407, CVE-2013-2461)
It was discovered that JConsole did not properly inform the user when
establishing an SSL connection failed. An attacker could exploit this flaw
to gain access to potentially sensitive information. (CVE-2013-2412)
It was discovered that GnomeFileTypeDetector did not check for read
permissions when accessing files. An untrusted Java application or applet
could possibly use this flaw to disclose potentially sensitive information.
(CVE-2013-2449)
It was found that documentation generated by Javadoc was vulnerable to a
frame injection attack. If such documentation was accessible over a
network, and a remote attacker could trick a user into visiting a
specially-crafted URL, it would lead to arbitrary web content being
displayed next to the documentation. This could be used to perform a
phishing attack by providing frame content that spoofed a login form on
the site hosting the vulnerable documentation. (CVE-2013-1571)
It was discovered that the 2D component created shared memory segments with
insecure permissions. A local attacker could use this flaw to read or write
to the shared memory segment. (CVE-2013-1500)
Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and
US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the
original reporter of CVE-2013-1571.
This erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to
the NEWS file, linked to in the References, for further information.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.7.0-openjdk packages that fix various security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound,\nJDBC, Libraries, JMX, and Serviceability components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,\nCVE-2013-2457, CVE-2013-2453, CVE-2013-2460)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was discovered that GnomeFileTypeDetector did not check for read\npermissions when accessing files. An untrusted Java application or applet\ncould possibly use this flaw to disclose potentially sensitive information.\n(CVE-2013-2449)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0958", "url": "https://access.redhat.com/errata/RHSA-2013:0958" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.10/NEWS", "url": "http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.10/NEWS" }, { "category": "external", "summary": "973474", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973474" }, { "category": "external", "summary": "975099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975099" }, { "category": "external", "summary": "975102", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975102" }, { "category": "external", "summary": "975107", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975107" }, { "category": "external", "summary": "975110", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975110" }, { "category": "external", "summary": "975115", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975115" }, { "category": "external", "summary": "975118", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975118" }, { "category": "external", "summary": "975120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975120" }, { "category": "external", "summary": "975121", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975121" }, { "category": "external", "summary": "975122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975122" }, { "category": "external", "summary": "975124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975124" }, { "category": "external", "summary": "975125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975125" }, { "category": "external", "summary": "975126", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975126" }, { "category": "external", "summary": "975127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975127" }, { "category": "external", "summary": "975129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975129" }, { "category": "external", "summary": "975130", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975130" }, { "category": "external", "summary": "975131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975131" }, { "category": "external", "summary": "975132", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975132" }, { "category": "external", "summary": "975133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975133" }, { "category": "external", "summary": "975134", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975134" }, { "category": "external", "summary": "975137", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975137" }, { "category": "external", "summary": "975138", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975138" }, { "category": "external", "summary": "975139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975139" }, { "category": "external", "summary": "975140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975140" }, { "category": "external", "summary": "975141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975141" }, { "category": "external", "summary": "975142", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975142" }, { "category": "external", "summary": "975144", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975144" }, { "category": "external", "summary": "975145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975145" }, { "category": "external", "summary": "975148", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975148" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0958.json" } ], "title": "Red Hat Security Advisory: java-1.7.0-openjdk security update", "tracking": { "current_release_date": "2024-11-14T13:00:46+00:00", "generator": { "date": "2024-11-14T13:00:46+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2013:0958", "initial_release_date": "2013-06-20T00:00:00+00:00", "revision_history": [ { "date": "2013-06-20T00:00:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-06-20T00:03:25+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T13:00:46+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product_id": "java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-debuginfo@1.7.0.25-2.3.10.4.el5_9?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product_id": "java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-javadoc@1.7.0.25-2.3.10.4.el5_9?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product_id": "java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-devel@1.7.0.25-2.3.10.4.el5_9?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product": { "name": "java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product_id": "java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-src@1.7.0.25-2.3.10.4.el5_9?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product": { "name": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product_id": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.25-2.3.10.4.el5_9?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product_id": "java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-demo@1.7.0.25-2.3.10.4.el5_9?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "product": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "product_id": "java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-debuginfo@1.7.0.25-2.3.10.4.el5_9?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "product": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "product_id": "java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-javadoc@1.7.0.25-2.3.10.4.el5_9?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "product": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "product_id": "java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-devel@1.7.0.25-2.3.10.4.el5_9?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "product": { "name": "java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "product_id": "java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-src@1.7.0.25-2.3.10.4.el5_9?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "product": { "name": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "product_id": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.25-2.3.10.4.el5_9?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "product": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "product_id": "java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk-demo@1.7.0.25-2.3.10.4.el5_9?arch=i386\u0026epoch=1" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "product": { "name": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "product_id": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-openjdk@1.7.0.25-2.3.10.4.el5_9?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64" }, "product_reference": "java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386" }, "product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64" }, "product_reference": "java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386" }, "product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64" }, "product_reference": "java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386" }, "product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64" }, "product_reference": "java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386" }, "product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64" }, "product_reference": "java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386" }, "product_reference": "java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" }, "product_reference": "java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "relates_to_product_reference": "5Server-5.9.Z" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Tim Brown" ] } ], "cve": "CVE-2013-1500", "discovery_date": "2013-01-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975148" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Insecure shared memory permissions (2D, 8001034)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1500" }, { "category": "external", "summary": "RHBZ#975148", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975148" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1500", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1500" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1500", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1500" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: Insecure shared memory permissions (2D, 8001034)" }, { "acknowledgments": [ { "names": [ "US-CERT" ] } ], "cve": "CVE-2013-1571", "discovery_date": "2013-06-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "973474" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1571" }, { "category": "external", "summary": "RHBZ#973474", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973474" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1571", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1571" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1571", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1571" }, { "category": "external", "summary": "http://www.kb.cert.org/vuls/id/225657", "url": "http://www.kb.cert.org/vuls/id/225657" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)" }, { "cve": "CVE-2013-2407", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975127" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"XML security and the class loader.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2407" }, { "category": "external", "summary": "RHBZ#975127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975127" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2407", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2407" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)" }, { "cve": "CVE-2013-2412", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975144" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: JConsole SSL support (Serviceability, 8003703)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2412" }, { "category": "external", "summary": "RHBZ#975144", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975144" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2412", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2412" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2412", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2412" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: JConsole SSL support (Serviceability, 8003703)" }, { "cve": "CVE-2013-2443", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975137" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect \"checking order\" within the AccessControlContext class.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: AccessControlContext check order issue (Libraries, 8001330)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2443" }, { "category": "external", "summary": "RHBZ#975137", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975137" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2443", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2443" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2443", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2443" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: AccessControlContext check order issue (Libraries, 8001330)" }, { "cve": "CVE-2013-2444", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975131" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not \"properly manage and restrict certain resources related to the processing of fonts,\" possibly involving temporary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Resource denial of service (AWT, 8001038)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2444" }, { "category": "external", "summary": "RHBZ#975131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975131" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2444", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2444" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2444", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2444" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Resource denial of service (AWT, 8001038)" }, { "cve": "CVE-2013-2445", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975124" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"handling of memory allocation errors.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2445" }, { "category": "external", "summary": "RHBZ#975124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975124" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2445", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2445" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2445", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2445" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805)" }, { "cve": "CVE-2013-2446", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975132" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: output stream access restrictions (CORBA, 8000642)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2446" }, { "category": "external", "summary": "RHBZ#975132", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975132" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2446", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2446" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2446", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2446" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: output stream access restrictions (CORBA, 8000642)" }, { "cve": "CVE-2013-2447", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975140" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket\u0027s local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Prevent revealing the local address (Networking, 8001318)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2447" }, { "category": "external", "summary": "RHBZ#975140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975140" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2447", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2447" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2447", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2447" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Prevent revealing the local address (Networking, 8001318)" }, { "cve": "CVE-2013-2448", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975125" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient \"access restrictions\" and \"robustness of sound classes.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Better access restrictions (Sound, 8006328)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2448" }, { "category": "external", "summary": "RHBZ#975125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2448", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2448" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2448", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2448" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Better access restrictions (Sound, 8006328)" }, { "cve": "CVE-2013-2449", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975145" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: GnomeFileTypeDetector path access check (Libraries, 8004288)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2449" }, { "category": "external", "summary": "RHBZ#975145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975145" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2449", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2449" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: GnomeFileTypeDetector path access check (Libraries, 8004288)" }, { "cve": "CVE-2013-2450", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975141" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2450" }, { "category": "external", "summary": "RHBZ#975141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975141" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2450", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2450" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)" }, { "cve": "CVE-2013-2452", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975138" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"network address handling in virtual machine identifiers\" and the lack of \"unique and unpredictable IDs\" in the java.rmi.dgc.VMID class.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Unique VMIDs (Libraries, 8001033)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2452" }, { "category": "external", "summary": "RHBZ#975138", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975138" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2452", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2452" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2452", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2452" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Unique VMIDs (Libraries, 8001033)" }, { "cve": "CVE-2013-2453", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975134" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for \"package access\" by the MBeanServer Introspector.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: MBeanServer Introspector package access (JMX, 8008124)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2453" }, { "category": "external", "summary": "RHBZ#975134", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975134" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2453", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2453" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2453", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2453" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: MBeanServer Introspector package access (JMX, 8008124)" }, { "cve": "CVE-2013-2454", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975129" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2454" }, { "category": "external", "summary": "RHBZ#975129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975129" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2454", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2454" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2454", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2454" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)" }, { "cve": "CVE-2013-2455", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975139" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: getEnclosing* checks (Libraries, 8007812)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2455" }, { "category": "external", "summary": "RHBZ#975139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975139" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2455", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2455" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2455", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2455" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: getEnclosing* checks (Libraries, 8007812)" }, { "cve": "CVE-2013-2456", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975142" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2456" }, { "category": "external", "summary": "RHBZ#975142", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975142" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2456", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2456" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2456", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2456" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)" }, { "cve": "CVE-2013-2457", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975133" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of \"certain class checks\" that allows remote attackers to bypass intended class restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Proper class checking (JMX, 8008120)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2457" }, { "category": "external", "summary": "RHBZ#975133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2457", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2457" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2457", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2457" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Proper class checking (JMX, 8008120)" }, { "cve": "CVE-2013-2458", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975130" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via \"an error related to method handles.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Method handles (Libraries, 8009424)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2458" }, { "category": "external", "summary": "RHBZ#975130", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975130" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2458", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2458" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2458", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2458" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Method handles (Libraries, 8009424)" }, { "cve": "CVE-2013-2459", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975121" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"integer overflow checks.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Various AWT integer overflow checks (AWT, 8009071)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2459" }, { "category": "external", "summary": "RHBZ#975121", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975121" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2459", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2459" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Various AWT integer overflow checks (AWT, 8009071)" }, { "cve": "CVE-2013-2460", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975122" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"insufficient access checks\" in the tracing component.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: tracing insufficient access checks (Serviceability, 8010209)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2460" }, { "category": "external", "summary": "RHBZ#975122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975122" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2460", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2460" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2460", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2460" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: tracing insufficient access checks (Serviceability, 8010209)" }, { "cve": "CVE-2013-2461", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975126" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a \"Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2461" }, { "category": "external", "summary": "RHBZ#975126", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975126" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2461", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2461" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2461", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2461" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)" }, { "cve": "CVE-2013-2463", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975115" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect image attribute verification\" in 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect image attribute verification (2D, 8012438)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2463" }, { "category": "external", "summary": "RHBZ#975115", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975115" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2463", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2463" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2463", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2463" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Incorrect image attribute verification (2D, 8012438)" }, { "cve": "CVE-2013-2465", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975118" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect image channel verification\" in 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect image channel verification (2D, 8012597)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2465" }, { "category": "external", "summary": "RHBZ#975118", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975118" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2465", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2465" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-28T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Incorrect image channel verification (2D, 8012597)" }, { "cve": "CVE-2013-2469", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975120" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect image layout verification\" in 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect image layout verification (2D, 8012601)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2469" }, { "category": "external", "summary": "RHBZ#975120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975120" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2469", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2469" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2469", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2469" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Incorrect image layout verification (2D, 8012601)" }, { "cve": "CVE-2013-2470", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975099" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"ImagingLib byte lookup processing.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: ImagingLib byte lookup processing (2D, 8011243)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2470" }, { "category": "external", "summary": "RHBZ#975099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975099" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2470", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2470" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2470", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2470" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: ImagingLib byte lookup processing (2D, 8011243)" }, { "cve": "CVE-2013-2471", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975102" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect IntegerComponentRaster size checks.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2471" }, { "category": "external", "summary": "RHBZ#975102", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975102" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2471", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2471" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)" }, { "cve": "CVE-2013-2472", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975107" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect ShortBandedRaster size checks\" in 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2472" }, { "category": "external", "summary": "RHBZ#975107", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975107" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2472", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2472" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2472", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2472" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)" }, { "cve": "CVE-2013-2473", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975110" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect ByteBandedRaster size checks\" in 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2473" }, { "category": "external", "summary": "RHBZ#975110", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975110" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2473", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2473" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2473", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2473" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-06-20T00:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0958" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.src", "5Server-5.9.Z:java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-debuginfo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-demo-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-devel-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-javadoc-1:1.7.0.25-2.3.10.4.el5_9.x86_64", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.i386", "5Server-5.9.Z:java-1.7.0-openjdk-src-1:1.7.0.25-2.3.10.4.el5_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.