Test ID: 1.3.6.1.4.1.25623.1.0.881963
Category: CentOS Local Security Checks
Title: CentOS Update for java CESA-2014:0889 centos6
Summary: The remote host is missing an update for the 'java' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java
Runtime Environment and the OpenJDK 7 Java Software Development Kit.

It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)

A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-4223,
CVE-2014-4262, CVE-2014-2483)

Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)

It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)

The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-2483
BugTraq ID: 68608
http://www.securityfocus.com/bid/68608
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Debian Security Information: DSA-2987
http://www.debian.org/security/2014/dsa-2987
http://seclists.org/fulldisclosure/2014/Dec/23
http://security.gentoo.org/glsa/glsa-201502-12.xml
HPdes Security Advisory: HPSBUX03091
http://marc.info/?l=bugtraq&m=140852886808946&w=2
HPdes Security Advisory: SSRT101667
RedHat Security Advisories: RHSA-2014:0902
https://access.redhat.com/errata/RHSA-2014:0902
http://www.securitytracker.com/id/1030577
http://secunia.com/advisories/60485
http://secunia.com/advisories/60812
Common Vulnerability Exposure (CVE) ID: CVE-2014-2490
BugTraq ID: 68645
http://www.securityfocus.com/bid/68645
Debian Security Information: DSA-2980
http://www.debian.org/security/2014/dsa-2980
http://secunia.com/advisories/60129
Common Vulnerability Exposure (CVE) ID: CVE-2014-4209
BugTraq ID: 68639
http://www.securityfocus.com/bid/68639
HPdes Security Advisory: HPSBUX03092
http://marc.info/?l=bugtraq&m=140852974709252&w=2
HPdes Security Advisory: SSRT101668
RedHat Security Advisories: RHSA-2014:0908
https://access.redhat.com/errata/RHSA-2014:0908
RedHat Security Advisories: RHSA-2015:0264
http://rhn.redhat.com/errata/RHSA-2015-0264.html
http://secunia.com/advisories/59404
http://secunia.com/advisories/59680
http://secunia.com/advisories/59924
http://secunia.com/advisories/59985
http://secunia.com/advisories/59986
http://secunia.com/advisories/59987
http://secunia.com/advisories/60081
http://secunia.com/advisories/60245
http://secunia.com/advisories/60317
http://secunia.com/advisories/60622
http://secunia.com/advisories/60817
http://secunia.com/advisories/61577
http://secunia.com/advisories/61640
SuSE Security Announcement: SUSE-SU-2015:0344
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
SuSE Security Announcement: SUSE-SU-2015:0376
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
SuSE Security Announcement: SUSE-SU-2015:0392
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
XForce ISS Database: oracle-cpujul2014-cve20144209(94596)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94596
Common Vulnerability Exposure (CVE) ID: CVE-2014-4216
BugTraq ID: 68562
http://www.securityfocus.com/bid/68562
XForce ISS Database: oracle-cpujul2014-cve20144216(94591)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94591
Common Vulnerability Exposure (CVE) ID: CVE-2014-4218
BugTraq ID: 68583
http://www.securityfocus.com/bid/68583
XForce ISS Database: oracle-cpujul2014-cve20144218(94599)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94599
Common Vulnerability Exposure (CVE) ID: CVE-2014-4219
BugTraq ID: 68620
http://www.securityfocus.com/bid/68620
XForce ISS Database: oracle-cpujul2014-cve20144219(94589)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94589
Common Vulnerability Exposure (CVE) ID: CVE-2014-4221
BugTraq ID: 68571
http://www.securityfocus.com/bid/68571
XForce ISS Database: oracle-cpujul2014-cve20144221(94604)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94604
Common Vulnerability Exposure (CVE) ID: CVE-2014-4223
BugTraq ID: 68590
http://www.securityfocus.com/bid/68590
XForce ISS Database: oracle-cpujul2014-cve20144223(94594)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94594
Common Vulnerability Exposure (CVE) ID: CVE-2014-4244
BugTraq ID: 68624
http://www.securityfocus.com/bid/68624
http://secunia.com/advisories/58830
http://secunia.com/advisories/59503
http://secunia.com/advisories/60002
http://secunia.com/advisories/60031
http://secunia.com/advisories/60032
http://secunia.com/advisories/60326
http://secunia.com/advisories/60335
http://secunia.com/advisories/60497
http://secunia.com/advisories/60831
http://secunia.com/advisories/60846
http://secunia.com/advisories/60890
http://secunia.com/advisories/61050
http://secunia.com/advisories/61215
http://secunia.com/advisories/61254
http://secunia.com/advisories/61264
http://secunia.com/advisories/61278
http://secunia.com/advisories/61293
http://secunia.com/advisories/61294
http://secunia.com/advisories/61417
http://secunia.com/advisories/61469
http://secunia.com/advisories/61846
http://secunia.com/advisories/62314
XForce ISS Database: oracle-cpujul2014-cve20144244(94605)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94605
Common Vulnerability Exposure (CVE) ID: CVE-2014-4252
BugTraq ID: 68642
http://www.securityfocus.com/bid/68642
XForce ISS Database: oracle-cpujul2014-cve20144252(94600)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94600
Common Vulnerability Exposure (CVE) ID: CVE-2014-4262
BugTraq ID: 68599
http://www.securityfocus.com/bid/68599
XForce ISS Database: oracle-cpujul2014-cve20144262(94595)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94595
Common Vulnerability Exposure (CVE) ID: CVE-2014-4263
BugTraq ID: 68636
http://www.securityfocus.com/bid/68636
http://secunia.com/advisories/60180
http://secunia.com/advisories/60839
http://secunia.com/advisories/62319
XForce ISS Database: oracle-cpujul2014-cve20144263(94606)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94606
Common Vulnerability Exposure (CVE) ID: CVE-2014-4266
BugTraq ID: 68596
http://www.securityfocus.com/bid/68596
XForce ISS Database: oracle-cpujul2014-cve20144266(94601)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94601
Copyright: Copyright (C) 2014 Greenbone Networks GmbH
