Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2009-3886
Vulnerability from cvelistv5
Published
2009-11-09 19:00
Modified
2024-08-07 06:45
Severity ?
EPSS score ?
Summary
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:51.022Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:6794", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6794" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532914" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://java.sun.com/javase/6/webnotes/6u17.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a \"regression,\" aka Bug Id 6870531." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "oval:org.mitre.oval:def:6794", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6794" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532914" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://java.sun.com/javase/6/webnotes/6u17.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3886", "datePublished": "2009-11-09T19:00:00", "dateReserved": "2009-11-05T00:00:00", "dateUpdated": "2024-08-07T06:45:51.022Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2009-3886\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-11-09T19:30:00.627\",\"lastModified\":\"2024-11-21T01:08:26.843\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a \\\"regression,\\\" aka Bug Id 6870531.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n de Java Web Start en Sun Java SE v6 antes de la Update17 no controla correctamente la interacci\u00f3n entre un archivo JAR firmado y (1) una aplicaci\u00f3n JNLP o (2) un applet JNLP, lo que tiene un impacto no especificado y vectores de ataque, en relaci\u00f3n a una \\\"regresi\u00f3n. Se trata del Bug 6870531.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.0\",\"matchCriteriaId\":\"64DE1804-F822-4D0D-82A3-3B9DE1F3B0D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"09027C19-D442-446F-B7A8-21DB6787CF43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0FEC28-0707-4F42-9740-78F3D2D551EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3C5879A-A608-4230-9DC1-C27F0F48A13B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C71089A-BDDE-41FC-9DF9-9AEF4C2374DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DBB6B73-8D6B-41FF-BEE0-E0C7F5F1EB41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*\",\"matchCriteriaId\":\"12A3B254-8580-45DB-BDE4-5B5A29CBFFB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DB1DE6A-66AE-499B-AD92-9E6ACE474C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7158D2C0-E9AC-4CD6-B777-EA7B7A181997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"90EC6C13-4B37-48E5-8199-A702A944D5A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2528152C-E20A-4D97-931C-A5EC3CEAA06D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A99DAB4C-272B-4C91-BC70-7729E1152590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"30DFC10A-A4D9-4F89-B17C-AB9260087D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"272A5C44-18EC-41A9-8233-E9D4D0734EA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DA21490-E253-4BDC-9BA8-5D068BE35189\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*\",\"matchCriteriaId\":\"81C2C04D-D4BA-4C87-9609-C53AA63BFF19\"}]}]}],\"references\":[{\"url\":\"http://java.sun.com/javase/6/webnotes/6u17.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37386\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200911-02.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=532914\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6794\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://java.sun.com/javase/6/webnotes/6u17.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37386\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200911-02.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=532914\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
rhsa-2009_1560
Vulnerability from csaf_redhat
Published
2009-11-09 15:04
Modified
2024-11-14 10:47
Summary
Red Hat Security Advisory: java-1.6.0-sun security update
Notes
Topic
Updated java-1.6.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. These
vulnerabilities are summarized on the "Advance notification of Security
Updates for Java SE" page from Sun Microsystems, listed in the References
section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865,
CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871,
CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876,
CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,
CVE-2009-3883, CVE-2009-3884, CVE-2009-3886)
Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.6.0-sun packages that correct several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the \"Advance notification of Security\nUpdates for Java SE\" page from Sun Microsystems, listed in the References\nsection. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865,\nCVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871,\nCVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876,\nCVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,\nCVE-2009-3883, CVE-2009-3884, CVE-2009-3886)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1560", "url": "https://access.redhat.com/errata/RHSA-2009:1560" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates6", "url": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates6" }, { "category": "external", "summary": "510197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510197" }, { "category": "external", "summary": "530053", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530053" }, { "category": "external", "summary": "530057", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530057" }, { "category": "external", "summary": "530061", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530061" }, { "category": "external", "summary": "530062", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530062" }, { "category": "external", "summary": "530063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530063" }, { "category": "external", "summary": "530067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530067" }, { "category": "external", "summary": "530098", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530098" }, { "category": "external", "summary": "530173", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530173" }, { "category": "external", "summary": "530175", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530175" }, { "category": "external", "summary": "530296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530296" }, { "category": "external", "summary": "530297", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530297" }, { "category": "external", "summary": "530300", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530300" }, { "category": "external", "summary": "532904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532904" }, { "category": "external", "summary": "532906", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532906" }, { "category": "external", "summary": "532914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532914" }, { "category": "external", "summary": "533211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533211" }, { "category": "external", "summary": "533212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533212" }, { "category": "external", "summary": "533214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533214" }, { "category": "external", "summary": "533215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533215" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1560.json" } ], "title": "Red Hat Security Advisory: java-1.6.0-sun security update", "tracking": { "current_release_date": "2024-11-14T10:47:06+00:00", "generator": { "date": "2024-11-14T10:47:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2009:1560", "initial_release_date": "2009-11-09T15:04:00+00:00", "revision_history": [ { "date": "2009-11-09T15:04:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-11-09T10:04:13+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:47:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Desktop version 4 Extras", "product": { "name": "Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4 Extras", "product": { "name": "Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.17-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.17-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.17-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.17-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.17-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.17-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "product": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "product_id": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.17-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.17-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "product_id": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.17-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "product_id": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.17-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.17-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "product_id": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.17-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.17-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.17-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.17-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.17-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.17-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.17-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.17-1jpp.2.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "product": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "product_id": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.17-1jpp.2.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "product_id": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.17-1jpp.2.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "product_id": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.17-1jpp.2.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.17-1jpp.2.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "product_id": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.17-1jpp.2.el5?arch=i586\u0026epoch=1" } } } ], "category": "architecture", "name": "i586" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-2409", "discovery_date": "2009-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "510197" } ], "notes": [ { "category": "description", "text": "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.", "title": "Vulnerability description" }, { "category": "summary", "text": "deprecate MD2 in SSL cert validation (Kaminsky)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2409" }, { "category": "external", "summary": "RHBZ#510197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2409", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2409", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2409" } ], "release_date": "2009-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "deprecate MD2 in SSL cert validation (Kaminsky)" }, { "cve": "CVE-2009-3728", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530098" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK ICC_Profile file existence detection information leak (6631533)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3728" }, { "category": "external", "summary": "RHBZ#530098", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530098" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3728", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3728" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3728", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3728" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK ICC_Profile file existence detection information leak (6631533)" }, { "cve": "CVE-2009-3729", "discovery_date": "2009-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "532904" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the TrueType font parsing functionality in Sun Java SE 5.0 before Update 22 and 6 before Update 17 allows remote attackers to cause a denial of service (application crash) via a certain test suite, aka Bug Id 6815780.", "title": "Vulnerability description" }, { "category": "summary", "text": "JRE TrueType font parsing crash (6815780)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3729" }, { "category": "external", "summary": "RHBZ#532904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3729", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3729" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3729", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3729" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JRE TrueType font parsing crash (6815780)" }, { "cve": "CVE-2009-3865", "discovery_date": "2009-11-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "533211" } ], "notes": [ { "category": "description", "text": "The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.", "title": "Vulnerability description" }, { "category": "summary", "text": "java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3865" }, { "category": "external", "summary": "RHBZ#533211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533211" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3865", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3865" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3865", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3865" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752)" }, { "cve": "CVE-2009-3866", "discovery_date": "2009-11-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "533212" } ], "notes": [ { "category": "description", "text": "The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.", "title": "Vulnerability description" }, { "category": "summary", "text": "java-1.6.0-sun: Privilege escalation in the Java Web Start Installer (6872824)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3866" }, { "category": "external", "summary": "RHBZ#533212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533212" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3866", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3866" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "java-1.6.0-sun: Privilege escalation in the Java Web Start Installer (6872824)" }, { "cve": "CVE-2009-3867", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "discovery_date": "2009-11-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "533214" } ], "notes": [ { "category": "description", "text": "Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.", "title": "Vulnerability description" }, { "category": "summary", "text": "java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3867" }, { "category": "external", "summary": "RHBZ#533214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533214" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3867", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3867" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3867", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3867" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)" }, { "cve": "CVE-2009-3868", "discovery_date": "2009-11-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "533215" } ], "notes": [ { "category": "description", "text": "Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.", "title": "Vulnerability description" }, { "category": "summary", "text": "java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3868" }, { "category": "external", "summary": "RHBZ#533215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533215" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3868", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3868" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3868", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3868" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970)" }, { "cve": "CVE-2009-3869", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530062" } ], "notes": [ { "category": "description", "text": "Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JRE AWT setDifflCM stack overflow (6872357)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3869" }, { "category": "external", "summary": "RHBZ#530062", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530062" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3869", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3869" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3869", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3869" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK JRE AWT setDifflCM stack overflow (6872357)" }, { "cve": "CVE-2009-3871", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530063" } ], "notes": [ { "category": "description", "text": "Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JRE AWT setBytePixels heap overflow (6872358)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3871" }, { "category": "external", "summary": "RHBZ#530063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530063" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3871", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3871" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3871", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3871" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK JRE AWT setBytePixels heap overflow (6872358)" }, { "cve": "CVE-2009-3872", "discovery_date": "2009-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "532906" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.", "title": "Vulnerability description" }, { "category": "summary", "text": "JRE JPEG JFIF Decoder issue (6862969)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3872" }, { "category": "external", "summary": "RHBZ#532906", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532906" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3872", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3872" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3872", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3872" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JRE JPEG JFIF Decoder issue (6862969)" }, { "cve": "CVE-2009-3873", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530053" } ], "notes": [ { "category": "description", "text": "The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a \"quantization problem,\" aka Bug Id 6862968.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JPEG Image Writer quantization problem (6862968)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3873" }, { "category": "external", "summary": "RHBZ#530053", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530053" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3873", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3873" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3873", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3873" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK JPEG Image Writer quantization problem (6862968)" }, { "cve": "CVE-2009-3874", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530067" } ], "notes": [ { "category": "description", "text": "Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK ImageI/O JPEG heap overflow (6874643)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3874" }, { "category": "external", "summary": "RHBZ#530067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530067" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3874", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3874" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3874", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3874" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK ImageI/O JPEG heap overflow (6874643)" }, { "cve": "CVE-2009-3875", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530057" } ], "notes": [ { "category": "description", "text": "The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to \"timing attack vulnerabilities,\" aka Bug Id 6863503.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3875" }, { "category": "external", "summary": "RHBZ#530057", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530057" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3875", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3875" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3875", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3875" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)" }, { "cve": "CVE-2009-3876", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530061" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3876" }, { "category": "external", "summary": "RHBZ#530061", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530061" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3876", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3876" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3876", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3876" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877" }, { "cve": "CVE-2009-3877", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530061" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3877" }, { "category": "external", "summary": "RHBZ#530061", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530061" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3877", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3877" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3877", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3877" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877" }, { "cve": "CVE-2009-3879", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530297" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK GraphicsConfiguration information leak(6822057)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3879" }, { "category": "external", "summary": "RHBZ#530297", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530297" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3879", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3879" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3879", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3879" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK GraphicsConfiguration information leak(6822057)" }, { "cve": "CVE-2009-3880", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530296" } ], "notes": [ { "category": "description", "text": "The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK UI logging information leakage(6664512)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3880" }, { "category": "external", "summary": "RHBZ#530296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3880", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3880" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3880", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3880" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK UI logging information leakage(6664512)" }, { "cve": "CVE-2009-3881", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530173" } ], "notes": [ { "category": "description", "text": "Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an \"information leak vulnerability,\" aka Bug Id 6636650.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK resurrected classloaders can still have children (6636650)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3881" }, { "category": "external", "summary": "RHBZ#530173", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530173" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3881", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3881" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3881", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3881" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK resurrected classloaders can still have children (6636650)" }, { "cve": "CVE-2009-3882", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530175" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to \"information leaks in mutable variables,\" aka Bug Id 6657026.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK information leaks in mutable variables (6657026,6657138)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3882" }, { "category": "external", "summary": "RHBZ#530175", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530175" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3882", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3882" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3882", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3882" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK information leaks in mutable variables (6657026,6657138)" }, { "cve": "CVE-2009-3883", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530175" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL\u0026F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to \"information leaks in mutable variables,\" aka Bug Id 6657138.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK information leaks in mutable variables (6657026,6657138)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3883" }, { "category": "external", "summary": "RHBZ#530175", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530175" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3883", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3883" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3883", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3883" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK information leaks in mutable variables (6657026,6657138)" }, { "cve": "CVE-2009-3884", "discovery_date": "2009-10-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530300" } ], "notes": [ { "category": "description", "text": "The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK zoneinfo file existence information leak (6824265)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3884" }, { "category": "external", "summary": "RHBZ#530300", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530300" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3884", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3884" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3884", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3884" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK zoneinfo file existence information leak (6824265)" }, { "cve": "CVE-2009-3886", "discovery_date": "2009-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "532914" } ], "notes": [ { "category": "description", "text": "The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a \"regression,\" aka Bug Id 6870531.", "title": "Vulnerability description" }, { "category": "summary", "text": "REGRESSION: have problem to run JNLP app and applets with signed Jar files (6870531)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3886" }, { "category": "external", "summary": "RHBZ#532914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532914" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3886", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3886" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3886", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3886" } ], "release_date": "2009-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:04:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1560" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "REGRESSION: have problem to run JNLP app and applets with signed Jar files (6870531)" } ] }
gsd-2009-3886
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2009-3886", "description": "The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a \"regression,\" aka Bug Id 6870531.", "id": "GSD-2009-3886", "references": [ "https://www.suse.com/security/cve/CVE-2009-3886.html", "https://access.redhat.com/errata/RHSA-2009:1560" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2009-3886" ], "details": "The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a \"regression,\" aka Bug Id 6870531.", "id": "GSD-2009-3886", "modified": "2023-12-13T01:19:49.980819Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-3886", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a \"regression,\" aka Bug Id 6870531." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://java.sun.com/javase/6/webnotes/6u17.html", "refsource": "MISC", "url": "http://java.sun.com/javase/6/webnotes/6u17.html" }, { "name": "http://secunia.com/advisories/37386", "refsource": "MISC", "url": "http://secunia.com/advisories/37386" }, { "name": "http://security.gentoo.org/glsa/glsa-200911-02.xml", "refsource": "MISC", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6794", "refsource": "MISC", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6794" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=532914", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532914" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-3886" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a \"regression,\" aka Bug Id 6870531." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=532914", "refsource": "CONFIRM", "tags": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532914" }, { "name": "http://java.sun.com/javase/6/webnotes/6u17.html", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "http://java.sun.com/javase/6/webnotes/6u17.html" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "tags": [], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "37386", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/37386" }, { "name": "oval:org.mitre.oval:def:6794", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6794" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": true, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false } }, "lastModifiedDate": "2017-09-19T01:29Z", "publishedDate": "2009-11-09T19:30Z" } } }
ghsa-87v3-hpq8-qpc6
Vulnerability from github
Published
2022-05-02 03:49
Modified
2022-05-02 03:49
Details
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531.
{ "affected": [], "aliases": [ "CVE-2009-3886" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2009-11-09T19:30:00Z", "severity": "HIGH" }, "details": "The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a \"regression,\" aka Bug Id 6870531.", "id": "GHSA-87v3-hpq8-qpc6", "modified": "2022-05-02T03:49:41Z", "published": "2022-05-02T03:49:41Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3886" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532914" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6794" }, { "type": "WEB", "url": "http://java.sun.com/javase/6/webnotes/6u17.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/37386" }, { "type": "WEB", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" } ], "schema_version": "1.4.0", "severity": [] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.