rhsa-2011_1380
Vulnerability from csaf_redhat
Published
2011-10-18 23:19
Modified
2024-11-14 11:30
Summary
Red Hat Security Advisory: java-1.6.0-openjdk security update
Notes
Topic
Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.
A flaw was found in the Java RMI (Remote Method Invocation) registry
implementation. A remote RMI client could use this flaw to execute
arbitrary code on the RMI server running the registry. (CVE-2011-3556)
A flaw was found in the Java RMI registry implementation. A remote RMI
client could use this flaw to execute code on the RMI server with
unrestricted privileges. (CVE-2011-3557)
A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization
code. An untrusted Java application or applet running in a sandbox could
use this flaw to bypass sandbox restrictions by deserializing
specially-crafted input. (CVE-2011-3521)
It was found that the Java ScriptingEngine did not properly restrict the
privileges of sandboxed applications. An untrusted Java application or
applet running in a sandbox could use this flaw to bypass sandbox
restrictions. (CVE-2011-3544)
A flaw was found in the AWTKeyStroke implementation. An untrusted Java
application or applet running in a sandbox could use this flaw to bypass
sandbox restrictions. (CVE-2011-3548)
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the Java2D code used to perform transformations of graphic shapes
and images. An untrusted Java application or applet running in a sandbox
could use this flaw to bypass sandbox restrictions. (CVE-2011-3551)
An insufficient error checking flaw was found in the unpacker for JAR files
in pack200 format. A specially-crafted JAR file could use this flaw to
crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code
with JVM privileges. (CVE-2011-3554)
It was found that HttpsURLConnection did not perform SecurityManager checks
in the setSSLSocketFactory method. An untrusted Java application or applet
running in a sandbox could use this flaw to bypass connection restrictions
defined in the policy. (CVE-2011-3560)
A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block
ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a
chosen plain text attack against a connection mixing trusted and untrusted
data could use this flaw to recover portions of the trusted data sent over
the connection. (CVE-2011-3389)
Note: This update mitigates the CVE-2011-3389 issue by splitting the first
application data record byte to a separate SSL/TLS protocol record. This
mitigation may cause compatibility issues with some SSL/TLS implementations
and can be disabled using the jsse.enableCBCProtection boolean property.
This can be done on the command line by appending the flag
"-Djsse.enableCBCProtection=false" to the java command.
An information leak flaw was found in the InputStream.skip implementation.
An untrusted Java application or applet could possibly use this flaw to
obtain bytes skipped by other threads. (CVE-2011-3547)
A flaw was found in the Java HotSpot virtual machine. An untrusted Java
application or applet could use this flaw to disclose portions of the VM
memory, or cause it to crash. (CVE-2011-3558)
The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was
configured to include the stack trace in error messages sent to clients. A
remote client could possibly use this flaw to obtain sensitive information.
(CVE-2011-3553)
It was found that Java applications running with SecurityManager
restrictions were allowed to use too many UDP sockets by default. If
multiple instances of a malicious application were started at the same
time, they could exhaust all available UDP sockets on the system.
(CVE-2011-3552)
This erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to
the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Java RMI (Remote Method Invocation) registry\nimplementation. A remote RMI client could use this flaw to execute\narbitrary code on the RMI server running the registry. (CVE-2011-3556)\n\nA flaw was found in the Java RMI registry implementation. A remote RMI\nclient could use this flaw to execute code on the RMI server with\nunrestricted privileges. (CVE-2011-3557)\n\nA flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization\ncode. An untrusted Java application or applet running in a sandbox could\nuse this flaw to bypass sandbox restrictions by deserializing\nspecially-crafted input. (CVE-2011-3521)\n\nIt was found that the Java ScriptingEngine did not properly restrict the\nprivileges of sandboxed applications. An untrusted Java application or\napplet running in a sandbox could use this flaw to bypass sandbox\nrestrictions. (CVE-2011-3544)\n\nA flaw was found in the AWTKeyStroke implementation. An untrusted Java\napplication or applet running in a sandbox could use this flaw to bypass\nsandbox restrictions. (CVE-2011-3548)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the Java2D code used to perform transformations of graphic shapes\nand images. An untrusted Java application or applet running in a sandbox\ncould use this flaw to bypass sandbox restrictions. (CVE-2011-3551)\n\nAn insufficient error checking flaw was found in the unpacker for JAR files\nin pack200 format. A specially-crafted JAR file could use this flaw to\ncrash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code\nwith JVM privileges. (CVE-2011-3554)\n\nIt was found that HttpsURLConnection did not perform SecurityManager checks\nin the setSSLSocketFactory method. An untrusted Java application or applet\nrunning in a sandbox could use this flaw to bypass connection restrictions\ndefined in the policy. (CVE-2011-3560)\n\nA flaw was found in the way the SSL 3 and TLS 1.0 protocols used block\nciphers in cipher-block chaining (CBC) mode. An attacker able to perform a\nchosen plain text attack against a connection mixing trusted and untrusted\ndata could use this flaw to recover portions of the trusted data sent over\nthe connection. (CVE-2011-3389)\n\nNote: This update mitigates the CVE-2011-3389 issue by splitting the first\napplication data record byte to a separate SSL/TLS protocol record. This\nmitigation may cause compatibility issues with some SSL/TLS implementations\nand can be disabled using the jsse.enableCBCProtection boolean property.\nThis can be done on the command line by appending the flag\n\"-Djsse.enableCBCProtection=false\" to the java command.\n\nAn information leak flaw was found in the InputStream.skip implementation.\nAn untrusted Java application or applet could possibly use this flaw to\nobtain bytes skipped by other threads. (CVE-2011-3547)\n\nA flaw was found in the Java HotSpot virtual machine. An untrusted Java\napplication or applet could use this flaw to disclose portions of the VM\nmemory, or cause it to crash. (CVE-2011-3558)\n\nThe Java API for XML Web Services (JAX-WS) implementation in OpenJDK was\nconfigured to include the stack trace in error messages sent to clients. A\nremote client could possibly use this flaw to obtain sensitive information.\n(CVE-2011-3553)\n\nIt was found that Java applications running with SecurityManager\nrestrictions were allowed to use too many UDP sockets by default. If\nmultiple instances of a malicious application were started at the same\ntime, they could exhaust all available UDP sockets on the system.\n(CVE-2011-3552)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2011:1380", "url": "https://access.redhat.com/errata/RHSA-2011:1380" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "category": "external", "summary": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS", "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS" }, { "category": "external", "summary": "737506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506" }, { "category": "external", "summary": "745379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745379" }, { "category": "external", "summary": "745387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745387" }, { "category": "external", "summary": "745391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745391" }, { "category": "external", "summary": "745397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745397" }, { "category": "external", "summary": "745399", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745399" }, { "category": "external", "summary": "745442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745442" }, { "category": "external", "summary": "745447", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745447" }, { "category": "external", "summary": "745459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745459" }, { "category": "external", "summary": "745464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745464" }, { "category": "external", "summary": "745473", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745473" }, { "category": "external", "summary": "745476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745476" }, { "category": "external", "summary": "745492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745492" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1380.json" } ], "title": "Red Hat Security Advisory: java-1.6.0-openjdk security update", "tracking": { "current_release_date": "2024-11-14T11:30:14+00:00", "generator": { "date": "2024-11-14T11:30:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2011:1380", "initial_release_date": "2011-10-18T23:19:00+00:00", "revision_history": [ { "date": "2011-10-18T23:19:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2011-10-18T19:26:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T11:30:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.40.1.9.10.el6_1?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.40.1.9.10.el6_1?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.40.1.9.10.el6_1?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.40.1.9.10.el6_1?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.40.1.9.10.el6_1?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.40.1.9.10.el6_1?arch=i686\u0026epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.40.1.9.10.el6_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.40.1.9.10.el6_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.40.1.9.10.el6_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.40.1.9.10.el6_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.40.1.9.10.el6_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.40.1.9.10.el6_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.23.1.9.10.el5_7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.23.1.9.10.el5_7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.23.1.9.10.el5_7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.23.1.9.10.el5_7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.23.1.9.10.el5_7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.23.1.9.10.el5_7?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.40.1.9.10.el6_1?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.23.1.9.10.el5_7?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.23.1.9.10.el5_7?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.23.1.9.10.el5_7?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.23.1.9.10.el5_7?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.23.1.9.10.el5_7?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.23.1.9.10.el5_7?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.23.1.9.10.el5_7?arch=i386\u0026epoch=1" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "relates_to_product_reference": "5Client-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "relates_to_product_reference": "5Client-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "relates_to_product_reference": "5Client-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "relates_to_product_reference": "5Client-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "relates_to_product_reference": "5Client-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "relates_to_product_reference": "5Client-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "relates_to_product_reference": "5Client-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "relates_to_product_reference": "5Client-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "relates_to_product_reference": "5Client-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "relates_to_product_reference": "5Client-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "relates_to_product_reference": "5Client-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "relates_to_product_reference": "5Client-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "relates_to_product_reference": "5Client-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "relates_to_product_reference": "5Server-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "relates_to_product_reference": "5Server-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "relates_to_product_reference": "5Server-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "relates_to_product_reference": "5Server-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "relates_to_product_reference": "5Server-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "relates_to_product_reference": "5Server-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "relates_to_product_reference": "5Server-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "relates_to_product_reference": "5Server-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "relates_to_product_reference": "5Server-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "relates_to_product_reference": "5Server-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "relates_to_product_reference": "5Server-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "relates_to_product_reference": "5Server-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "relates_to_product_reference": "5Server-5.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" }, "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" }, "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" }, "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" }, "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" }, "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" }, "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-3389", "discovery_date": "2011-09-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "737506" } ], "notes": [ { "category": "description", "text": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat is aware of, and tracking, the Rizzo/Duong chosen plain text attack on SSL/TLS 1.0, also known as \"BEAST\". This issue has been assigned CVE-2011-3389. This attack uses web browser extensions to exploit a weakness in SSL/TLS cipher-block chaining (CBC), allowing a man-in-the-middle attacker to recover certain session information, such as cookie data, from what should be a secure connection.\n\nThe research shows two ways that an attacker could mount an attack. In both cases the attacker needs access to the data stream from the web browser to the server while a user visits a malicious website using a browser. The attacker may then be able to determine a portion of the data the browser sends to the server by making a large number of requests over a period of time. This data could include information such as an authentication cookie.\n\nThe first method of attack involves using WebSockets. Currently, Red Hat does not ship any products that allow an attack using WebSockets to be successful. We are planning to update Firefox to version 7, which contains protections in the WebSocket code that prevents this particular attack from being effective. \n\nThe second method of attack involves using a malicious Java applet. In order for the attack to be successful, the attacker would need to circumvent the Same Origin Policy (SOP) controls in Java. The researchers claim to have found a flaw in the Java SOP and we will issue updates to correct this flaw as suitable fixes are available.\n\nWe are in contact with various upstream projects regarding this attack. As a precautionary measure, we plan to update the Network Security Services (NSS), GnuTLS, and OpenSSL packages as suitable fixes are available.\n\nWe will continue to track this issue and take any appropriate actions as needed.\n\nThis statement and any updates to it is available at:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=737506", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3389" }, { "category": "external", "summary": "RHBZ#737506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3389", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3389", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3389" } ], "release_date": "2011-09-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-10-18T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1380" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)" }, { "cve": "CVE-2011-3521", "discovery_date": "2011-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "745442" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3521" }, { "category": "external", "summary": "RHBZ#745442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745442" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3521", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3521" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3521", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3521" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" } ], "release_date": "2011-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-10-18T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1380" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)" }, { "cve": "CVE-2011-3544", "discovery_date": "2011-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "745399" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3544" }, { "category": "external", "summary": "RHBZ#745399", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745399" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3544", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3544" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3544", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3544" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2011-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-10-18T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1380" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-03T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)" }, { "cve": "CVE-2011-3547", "discovery_date": "2011-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "745387" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3547" }, { "category": "external", "summary": "RHBZ#745387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745387" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3547", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3547" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" } ], "release_date": "2011-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-10-18T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1380" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)" }, { "cve": "CVE-2011-3548", "discovery_date": "2011-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "745473" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3548" }, { "category": "external", "summary": "RHBZ#745473", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745473" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3548", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3548" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" } ], "release_date": "2011-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-10-18T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1380" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)" }, { "cve": "CVE-2011-3551", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2011-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "745391" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3551" }, { "category": "external", "summary": "RHBZ#745391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3551", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3551" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3551", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3551" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" } ], "release_date": "2011-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-10-18T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1380" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)" }, { "cve": "CVE-2011-3552", "discovery_date": "2011-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "745397" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3552" }, { "category": "external", "summary": "RHBZ#745397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3552", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3552" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3552", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3552" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" } ], "release_date": "2011-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-10-18T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1380" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)" }, { "cve": "CVE-2011-3553", "discovery_date": "2011-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "745476" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3553" }, { "category": "external", "summary": "RHBZ#745476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3553", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3553" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3553", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3553" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" } ], "release_date": "2011-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-10-18T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1380" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)" }, { "cve": "CVE-2011-3554", "discovery_date": "2011-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "745447" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3554" }, { "category": "external", "summary": "RHBZ#745447", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745447" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3554", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3554" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3554", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3554" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" } ], "release_date": "2011-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-10-18T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1380" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)" }, { "cve": "CVE-2011-3556", "discovery_date": "2011-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "745459" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: RMI DGC server remote code execution (RMI, 7077466)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3556" }, { "category": "external", "summary": "RHBZ#745459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745459" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3556", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3556" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3556", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3556" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" } ], "release_date": "2011-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-10-18T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1380" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: RMI DGC server remote code execution (RMI, 7077466)" }, { "cve": "CVE-2011-3557", "discovery_date": "2011-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "745464" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: RMI registry privileged code execution (RMI, 7083012)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3557" }, { "category": "external", "summary": "RHBZ#745464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745464" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3557", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3557" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3557", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3557" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" } ], "release_date": "2011-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-10-18T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1380" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: RMI registry privileged code execution (RMI, 7083012)" }, { "cve": "CVE-2011-3558", "discovery_date": "2011-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "745492" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3558" }, { "category": "external", "summary": "RHBZ#745492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745492" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3558", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3558" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" } ], "release_date": "2011-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-10-18T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1380" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)" }, { "cve": "CVE-2011-3560", "discovery_date": "2011-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "745379" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-3560" }, { "category": "external", "summary": "RHBZ#745379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745379" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-3560", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3560" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3560", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3560" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" } ], "release_date": "2011-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-10-18T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1380" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Client-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Client-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.src", "5Server-5.7.Z:java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.i386", "5Server-5.7.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.src", "6Server-optional-6.1.z:java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.i686", "6Server-optional-6.1.z:java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.