1088039 – (CVE-2014-0463, CVE-2014-0464, CVE-2014-2410) Oracle JDK: unspecified vulnerabilities fixed in 8u5 (JavaFX, Scripting)

Bug 1088039 (CVE-2014-0463, CVE-2014-0464, CVE-2014-2410) - Oracle JDK: unspecified vulnerabilities fixed in 8u5 (JavaFX, Scripting)

Summary: Oracle JDK: unspecified vulnerabilities fixed in 8u5 (JavaFX, Scripting)

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2014-0463, CVE-2014-0464, CVE-2014-2410
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1082776
TreeView+	depends on / blocked

Reported:	2014-04-15 21:53 UTC by Tomas Hoger
Modified:	2021-02-17 06:39 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-04-15 21:56:57 UTC
Embargoed:

Attachments	(Terms of Use)

Description Tomas Hoger 2014-04-15 21:53:50 UTC

Oracle Java SE 8u5 fixes an unspecified vulnerability in the JavaFX component (CVE-2014-2410).  Upstream has CVSSv2 scored this issue as: 9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C

External Reference:

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA

Comment 1 Tomas Hoger 2014-04-15 21:56:57 UTC

There are two other issues fixed via Oracle Critical Patch Update Advisory - April 2014 that only affected Oracle Java SE 8 and not previous versions:

CVE-2014-0463	Scripting	4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N
CVE-2014-0464	Scripting	4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N

Oracle Java SE 8 is not currently shipped as part of any Red Hat product.

Note You need to log in before you can comment on or make changes to this bug.