Security Advisory Critical: java-1.7.0-openjdk security update

Advisory: RHSA-2014:0675-1
Type: Security Advisory
Severity: Critical
Issued on: 2014-06-10
Last updated on: 2014-06-10
Affected Products: Red Hat Enterprise Linux Desktop (v. 7), Red Hat Enterprise Linux HPC Node (v. 7), Red Hat Enterprise Linux Server (v. 7), Red Hat Enterprise Linux Workstation (v. 7)
CVEs (cve.mitre.org): CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2402, CVE-2014-2403, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427

Details

Updated java-1.7.0-openjdk packages that fix various security issues are
now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)

Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0455, CVE-2014-0461)

Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,
CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,
CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)

Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)

It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)

It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)

It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)

An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
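
The advisory's two operational requirements, installing the fixed build and restarting every running JVM, can be checked as follows. This is an added example, not Red Hat's tooling: the function names and the sample /proc records are constructed, and the version comparison is a simplification that looks only at numeric fields.

```shell
#!/bin/sh
# Added example: post-update checks for this advisory, run on constructed data.
FIXED="1.7.0.55-2.4.7.2.el7_0"   # VERSION-RELEASE from the advisory's package list

# evr_at_least INSTALLED FIXED: exit 0 when INSTALLED is at or above FIXED.
# Simplified: compares the numeric fields left to right and ignores epoch and
# alphabetic segments. On a real host rpm's own comparison is authoritative.
evr_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }' </dev/null
}

# stale_jvm_pids: reads "PID maps-line" records on stdin and prints the PIDs
# whose libjvm.so mapping is marked "(deleted)": JVMs started before the update
# that still run the replaced library and therefore need a restart.
stale_jvm_pids() {
    awk '/libjvm\.so.* \(deleted\)$/ { print $1 }' | sort -un
}

# live_records: the same record format built from /proc on a running host.
live_records() {
    for m in /proc/[0-9]*/maps; do
        pid=${m#/proc/}; pid=${pid%/maps}
        sed "s/^/$pid /" "$m" 2>/dev/null
    done
}

# sample_maps: constructed records (PIDs, addresses and paths are made up).
sample_maps() {
    cat <<'EOF'
2211 7f10a0000000-7f10a0c00000 r-xp 00000000 fd:00 401 /usr/lib/jvm/OLD-BUILD/jre/lib/amd64/server/libjvm.so (deleted)
2211 7f10a0e00000-7f10a0e10000 r-xp 00000000 fd:00 402 /usr/lib64/libc-2.17.so
3470 7f55c0000000-7f55c0c00000 r-xp 00000000 fd:00 977 /usr/lib/jvm/NEW-BUILD/jre/lib/amd64/server/libjvm.so
EOF
}

# report INSTALLED_EVR: reads records on stdin and prints a one-line verdict.
report() {
    if evr_at_least "$1" "$FIXED"; then pkg=patched; else pkg=outdated; fi
    stale=$(stale_jvm_pids | paste -sd, -)
    echo "package=$pkg restart_needed=${stale:-none}"
}

# Demo on the constructed data. On a real host:
#   live_records | report "$(rpm -q --qf '%{VERSION}-%{RELEASE}' java-1.7.0-openjdk)"
sample_maps | report "$FIXED"
```

A host can report the package as patched and still list PIDs under restart_needed; those processes keep executing the pre-update library until they are restarted.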

Updated packages

Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.src.rpm
File outdated by:  RHSA-2015:0806
 
x86_64:
java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.src.rpm
File outdated by:  RHSA-2015:0806
 
x86_64:
java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.src.rpm
File outdated by:  RHSA-2015:0806
 
PPC:
java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm
File outdated by:  RHSA-2015:0806
 
s390x:
java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.s390x.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.s390x.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.s390x.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.s390x.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.s390x.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.s390x.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.s390x.rpm
File outdated by:  RHSA-2015:0806
 
x86_64:
java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.src.rpm
File outdated by:  RHSA-2015:0806
 
x86_64:
java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm
File outdated by:  RHSA-2015:0806
java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
File outdated by:  RHSA-2015:0806
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)
1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)
1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766)
1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)
1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394)
1087413 - CVE-2014-0456 OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858)
1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854)
1087423 - CVE-2014-2397 OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926)
1087424 - CVE-2014-0455 OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844)
1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)
1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010)
1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap separation (AWT, 8026797)
1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)
1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
1087438 - CVE-2014-2402 OpenJDK: Incorrect NIO channel separation (Libraries, 8026716)
1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740)
1087440 - CVE-2014-0454 OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745)
1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163)
1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)
1087443 - CVE-2014-2403 OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282)
1087444 - CVE-2014-0459 lcms: insufficient ICC profile version validation (OpenJDK 2D, 8031335)
1087446 - CVE-2014-2413 OpenJDK: method handle call hierarchy bypass (Libraries, 8032686)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/