What is resolution for multiple Java CVE's ?

Solution Verified - Updated -

Issue

How to deal with below multiple Java CVE's ?

  • CVE-2014-4262 OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520)
  • CVE-2014-4244 OpenJDK: RSA blinding issues (Security, 8031346)
  • CVE-2014-4263 OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)
  • CVE-2014-4221 OpenJDK: MethodHandles.Lookup insufficient modifiers checks (Libraries, 8035788)
  • CVE-2014-4219 OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
  • CVE-2014-4209 OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)
  • CVE-2014-4218 OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)
  • CVE-2014-4252 OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
  • CVE-2014-4266 OpenJDK: InfoBuilder incorrect return values (Serviceability, 8033301)
  • CVE-2014-4227 Oracle JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)
  • CVE-2014-4265 Oracle JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)
  • CVE-2014-4220 Oracle JDK: unspecified vulnerability fixed in 7u65 and 8u11 (Deployment)
  • CVE-2014-4208 Oracle JDK: unspecified vulnerability fixed in 7u65 and 8u11 (Deployment)

Environment

  • Red Hat Enterprise Linux 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content