Oval Definition: oval:com.redhat.rhsa:def:20151920
Revision Date: 2015-10-21
Version: 635
Title: RHSA-2015:1920: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

  • Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860, CVE-2015-4805, CVE-2015-4844)

  • Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)

  • It was discovered that the Security component in OpenJDK failed to properly check if a certificate satisfied all defined constraints. In certain cases, this could cause a Java application to accept an X.509 certificate which does not meet requirements of the defined policy. (CVE-2015-4872)

  • Multiple flaws were found in the Libraries, 2D, CORBA, JAXP, JGSS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4806, CVE-2015-4840, CVE-2015-4882, CVE-2015-4842, CVE-2015-4734, CVE-2015-4903)

    Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue.

    Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

    All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4903, CVE-2015-4911, RHSA-2015:1920, RHSA-2015:1920-00, RHSA-2015:1920-01
    Platform(s): Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
      • Red Hat Enterprise Linux 6 is installed
      • AND
          • java-1.7.0-openjdk is earlier than 1:1.7.0.91-2.6.2.2.el6_7
            AND java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-demo is earlier than 1:1.7.0.91-2.6.2.2.el6_7
            AND java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-devel is earlier than 1:1.7.0.91-2.6.2.2.el6_7
            AND java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.91-2.6.2.2.el6_7
            AND java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-src is earlier than 1:1.7.0.91-2.6.2.2.el6_7
            AND java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
  • OR Package Information
      • Red Hat Enterprise Linux 7 is installed
      • AND
          • java-1.7.0-openjdk is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            AND java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            AND java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-demo is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            AND java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-devel is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            AND java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-headless is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            AND java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            AND java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-src is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            AND java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key