Launchpad.net

CVE 2014-0423

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.

Related bugs and status

CVE-2014-0423 (Candidate) is related to these bugs:

Bug #1283828: "Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4

		In	Importance	Status
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-6 (Ubuntu)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-6 (Ubuntu Quantal)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-6 (Ubuntu Saucy)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-6 (Ubuntu Trusty)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-6 (Ubuntu Lucid)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-6 (Ubuntu Precise)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-7 (Ubuntu)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-7 (Ubuntu Precise)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-7 (Ubuntu Quantal)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-7 (Ubuntu Saucy)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-7 (Ubuntu Trusty)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	Iced Tea	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.oracle.com/...
BID: 64758
CONFIRM: http://hg.openjdk.java...
CONFIRM: https://bugzilla.redha...
BID: 64914
SECTRACK: 1029608
SECUNIA: 56432
SECUNIA: 56485
SECUNIA: 56486
SECUNIA: 56487
SECUNIA: 56535
REDHAT: RHSA-2014:0026
REDHAT: RHSA-2014:0027
REDHAT: RHSA-2014:0097
REDHAT: RHSA-2014:0136
REDHAT: RHSA-2014:0030
REDHAT: RHSA-2014:0134
REDHAT: RHSA-2014:0135
SUSE: openSUSE-SU-2014:0174
SUSE: SUSE-SU-2014:0246
SUSE: SUSE-SU-2014:0266
SUSE: openSUSE-SU-2014:0177
SUSE: openSUSE-SU-2014:0180
UBUNTU: USN-2089-1
UBUNTU: USN-2124-1
SUSE: SUSE-SU-2014:0451
CONFIRM: https://h20566.www2.hp...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
SECUNIA: 60568
SECUNIA: 59283
HP: HPSBUX02972
HP: HPSBUX02973
HP: SSRT101454
HP: SSRT101455
XF: oracle-cpujan2014-cve2...
REDHAT: RHSA-2014:0414