Errata overview
Errata ID 266
Date 2014-12-19
Source package openjdk-6
Fixed in version 6b33-1.13.5-2.74.201412171318
Description
Multiple security issues have been fixed in OpenJDK:
 Format string error in event logger (CVE-2014-2490)
 Insufficient access checks in SubjectDelegator (CVE-2014-4209)
 Bypass of sandbox restrictions (CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4262)
 Information leak in RSA key handling (CVE-2014-4244)
 Information disclosure in security services (CVE-2014-4252)
 Insecure Diffie-Hellman handling (CVE-2014-4263)
 Denial of service in InfoBuilder (CVE-2014-4266)
 Insufficient access restrictions in Swing file dialog (CVE-2014-4268)
 TLS/SSL handshake attack (CVE-2014-6457)
 Insecure logging (CVE-2014-6502)
 Information disclosure in Hotspot (CVE-2014-6504)
 Insufficient permission checks in system logging (CVE-2014-6506)
 Information disclosure in ICU/2D (CVE-2014-6511)
 Missing source checks in datagram sockets (CVE-2014-6512)
 XEE in the Stax parser (CVE-2014-6517)
 Memory corruption in the JVM (CVE-2014-6519)
 Insufficient name checks for resource bundles (CVE-2014-6531)
 Incorrect exception handling in CipherInputStream (CVE-2014-6558)
Additional notes
CVE ID CVE-2014-2490
CVE-2014-4219
CVE-2014-4216
CVE-2014-4262
CVE-2014-4209
CVE-2014-4218
CVE-2014-4252
CVE-2014-4268
CVE-2014-4244
CVE-2014-4263
CVE-2014-4266
CVE-2014-6457
CVE-2014-6502
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6517
CVE-2014-6519
CVE-2014-6531
CVE-2014-6558
UCS Bug number #35381