IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server has a vulnerability which affects the time zone information of the application. The vulnerability is possible because java.util.TimeZone
fails to prevent the untrusted Java application or applet to change the time zone to default time zone of its contexts.
hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/54bd9675a80b
lists.apple.com/archives/security-announce/2013/Oct/msg00001.html
lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html
lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
lists.opensuse.org/opensuse-updates/2013-11/msg00023.html
marc.info/?l=bugtraq&m=138674031212883&w=2
marc.info/?l=bugtraq&m=138674073720143&w=2
rhn.redhat.com/errata/RHSA-2013-1440.html
rhn.redhat.com/errata/RHSA-2013-1447.html
rhn.redhat.com/errata/RHSA-2013-1451.html
rhn.redhat.com/errata/RHSA-2013-1505.html
rhn.redhat.com/errata/RHSA-2013-1507.html
rhn.redhat.com/errata/RHSA-2013-1508.html
rhn.redhat.com/errata/RHSA-2013-1509.html
rhn.redhat.com/errata/RHSA-2013-1793.html
secunia.com/advisories/56338
security.gentoo.org/glsa/glsa-201406-32.xml
support.apple.com/kb/HT5982
www-01.ibm.com/support/docview.wss?uid=swg21655201
www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html
www.ibm.com/developerworks/java/jdk/alerts/
www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
www.securityfocus.com/bid/63120
www.ubuntu.com/usn/USN-2033-1
www.ubuntu.com/usn/USN-2089-1
access.redhat.com/errata/RHSA-2014:0414
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1019133
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19002
rhn.redhat.com/errata/RHSA-2013-1793.html