Synopsis

The remote CentOS host is missing one or more security updates.

Description

Updated java-1.7.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.

An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. (CVE-2013-0809)

It was discovered that the 2D component did not properly reject certain malformed images. Specially crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. (CVE-2013-1493)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.8.