What is resolution for multiple Java CVE's ?
Issue
How to deal with below multiple Java CVE's ?
- CVE-2014-4262 OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520)
- CVE-2014-4244 OpenJDK: RSA blinding issues (Security, 8031346)
- CVE-2014-4263 OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)
- CVE-2014-4221 OpenJDK: MethodHandles.Lookup insufficient modifiers checks (Libraries, 8035788)
- CVE-2014-4219 OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
- CVE-2014-4209 OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)
- CVE-2014-4218 OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)
- CVE-2014-4252 OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
- CVE-2014-4266 OpenJDK: InfoBuilder incorrect return values (Serviceability, 8033301)
- CVE-2014-4227 Oracle JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)
- CVE-2014-4265 Oracle JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)
- CVE-2014-4220 Oracle JDK: unspecified vulnerability fixed in 7u65 and 8u11 (Deployment)
- CVE-2014-4208 Oracle JDK: unspecified vulnerability fixed in 7u65 and 8u11 (Deployment)
Environment
- Red Hat Enterprise Linux 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.