Alpine: openjdk7: security update to 7.-r0 (deprecated)

high Tenable Cloud Security Plugin ID 401227

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded
7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors
related to 2D. (CVE-2014-2421)

- The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in
Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain
duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG
markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations
via a crafted JPEG image. (CVE-2013-6629)

- The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL
palette, related to pngrtran.c and pngset.c. (CVE-2013-6954)

- Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and
Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via
unknown vectors related to 2D. (CVE-2014-0429)

- Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows
remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to
Libraries. (CVE-2014-0446)

See Also

https://git.alpinelinux.org/aports/commit/?id=6f9ef505689af2f92b4050c68cf1749f9a132f0b

https://git.alpinelinux.org/aports/commit/?id=cabd7320a8d0d7885ac14676566e9b3927fc36e4

Plugin Details

Severity: High

ID: 401227

Version: Revision 1.29

Type: Local

Published: 8/16/2023

Updated: 6/22/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-2421

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2013-6629

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/17/2014

Vulnerability Publication Date: 11/12/2013

Reference Information

CVE: CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2402, CVE-2014-2403, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427

BID: 63676, 64493, 65568, 66856, 66866, 66873, 66877, 66879, 66881, 66883, 66887, 66891, 66893, 66894, 66898, 66899, 66902, 66903, 66905, 66909, 66910, 66914, 66916, 66917, 66918, 66920