rhsa-2015_1091
Vulnerability from csaf_redhat
Published: 2015-06-11 13:21
Modified: 2024-12-01 12:00
Summary
Red Hat Security Advisory: Red Hat Satellite IBM Java Runtime security update
Notes
Topic
Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Satellite 5.6 and 5.7.
Red Hat Product Security has rated this update as having Low security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.
This update corrects several security vulnerabilities in the IBM Java
Runtime Environment shipped as part of Red Hat Satellite 5. In a typical
operating environment, these are of low security risk as the runtime is not
used on untrusted applets. Further information about these flaws can be
found on the IBM Java Security alerts page, listed in the References
section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458,
CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480,
CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808)
The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.
Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites
by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla
bug 1207101, linked to from the References section, for additional details
about this change.
Users of Red Hat Satellite 5.6 and 5.7 are advised to upgrade to these
updated packages, which contain the IBM Java SE 6 SR16-FP4 release. For
this update to take effect, Red Hat Satellite must be restarted
("/usr/sbin/rhn-satellite restart"), as well as all running instances of
IBM Java.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.6.0-ibm packages that fix several security issues are now\navailable for Red Hat Satellite 5.6 and 5.7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Satellite 5. In a typical\noperating environment, these are of low security risk as the runtime is not\nused on untrusted applets. Further information about these flaws can be\nfound on the IBM Java Security alerts page, listed in the References\nsection. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458,\nCVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480,\nCVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nNote: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites\nby default to address the CVE-2015-2808 issue. 
Refer to Red Hat Bugzilla\nbug 1207101, linked to from the References section, for additional details\nabout this change.\n\nUsers of Red Hat Satellite 5.6 and 5.7 are advised to upgrade to these\nupdated packages, which contain the IBM Java SE 6 SR16-FP4 release. For\nthis update to take effect, Red Hat Satellite must be restarted\n(\"/usr/sbin/rhn-satellite restart\"), as well as all running instances of\nIBM Java.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2015:1091", "url": "https://access.redhat.com/errata/RHSA-2015:1091" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://www.ibm.com/developerworks/java/jdk/alerts/", "url": "https://www.ibm.com/developerworks/java/jdk/alerts/" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c4", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c4" }, { "category": "external", "summary": "606442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=606442" }, { "category": "external", "summary": "1207101", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207101" }, { 
"category": "external", "summary": "1210355", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210355" }, { "category": "external", "summary": "1210829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210829" }, { "category": "external", "summary": "1211299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211299" }, { "category": "external", "summary": "1211504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211504" }, { "category": "external", "summary": "1211543", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211543" }, { "category": "external", "summary": "1211768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211768" }, { "category": "external", "summary": "1211769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211769" }, { "category": "external", "summary": "1211771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211771" }, { "category": "external", "summary": "1219212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219212" }, { "category": "external", "summary": "1219215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219215" }, { "category": "external", "summary": "1219223", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219223" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1091.json" } ], "title": "Red Hat Security Advisory: Red Hat Satellite IBM Java Runtime security update", "tracking": { "current_release_date": "2024-12-01T12:00:21+00:00", "generator": { "date": "2024-12-01T12:00:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2015:1091", "initial_release_date": "2015-06-11T13:21:29+00:00", "revision_history": [ { "date": "2015-06-11T13:21:29+00:00", "number": "1", "summary": "Initial version" }, { "date": "2015-06-11T13:21:29+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-01T12:00:21+00:00", "number": "3", "summary": "Last 
generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite 5.6 (RHEL v.5)", "product": { "name": "Red Hat Satellite 5.6 (RHEL v.5)", "product_id": "5Server-Satellite56", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.6::el5" } } }, { "category": "product_name", "name": "Red Hat Satellite 5.7 (RHEL v.6)", "product": { "name": "Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.7::el6" } } }, { "category": "product_name", "name": "Red Hat Satellite 5.6 (RHEL v.6)", "product": { "name": "Red Hat Satellite 5.6 (RHEL v.6)", "product_id": "6Server-Satellite56", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.6::el6" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "product": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "product_id": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.4-1jpp.1.el5?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.16.4-1jpp.1.el5?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.16.4-1jpp.1.el6_6?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "product": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "product_id": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.4-1jpp.1.el6_6?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.4-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.16.4-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.16.4-1jpp.1.el6_6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "product": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "product_id": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.4-1jpp.1.el6_6?arch=x86_64\u0026epoch=1" } } } ], "category": 
"architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "product": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "product_id": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.4-1jpp.1.el5?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "product": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "product_id": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.4-1jpp.1.el6_6?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x as a component of Red Hat Satellite 5.6 (RHEL v.5)", "product_id": "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "relates_to_product_reference": "5Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src as a component of Red Hat Satellite 5.6 (RHEL v.5)", "product_id": "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "relates_to_product_reference": "5Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.5)", "product_id": "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Satellite56" }, { "category": 
"default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x as a component of Red Hat Satellite 5.6 (RHEL v.5)", "product_id": "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "relates_to_product_reference": "5Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.5)", "product_id": "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x as a component of Red Hat Satellite 5.6 (RHEL v.6)", "product_id": "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "relates_to_product_reference": "6Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src as a component of Red Hat Satellite 5.6 (RHEL v.6)", "product_id": "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "relates_to_product_reference": "6Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.6)", "product_id": "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "relates_to_product_reference": "6Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": 
"java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x as a component of Red Hat Satellite 5.6 (RHEL v.6)", "product_id": "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "relates_to_product_reference": "6Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.6)", "product_id": "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "relates_to_product_reference": "6Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "relates_to_product_reference": "6Server-Satellite57" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "relates_to_product_reference": "6Server-Satellite57" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "relates_to_product_reference": "6Server-Satellite57" }, { "category": "default_component_of", "full_product_name": { "name": 
"java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "relates_to_product_reference": "6Server-Satellite57" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "relates_to_product_reference": "6Server-Satellite57" } ] }, "vulnerabilities": [ { "cve": "CVE-2005-1080", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2010-05-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "606442" } ], "notes": [ { "category": "description", "text": "A directory traversal flaw was found in the way the jar tool extracted JAR archive files. 
A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted.", "title": "Vulnerability description" }, { "category": "summary", "text": "jar: directory traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-1080" }, { "category": "external", "summary": "RHBZ#606442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=606442" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2005-1080", "url": "https://www.cve.org/CVERecord?id=CVE-2005-1080" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-1080", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1080" } ], "release_date": "2005-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-06-11T13:21:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1091" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": 
"NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jar: directory traversal vulnerability" }, { "cve": "CVE-2015-0138", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2015-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1219223" } ], "notes": [ { "category": "description", "text": "GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to 
EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0138" }, { "category": "external", "summary": "RHBZ#1219223", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219223" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2015-0138", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0138" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0138", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0138" } ], "release_date": "2015-03-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-06-11T13:21:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1091" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": 
"PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)" }, { "cve": "CVE-2015-0192", "discovery_date": "2015-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1219212" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified Java sandbox restrictions bypass", "title": "Vulnerability summary" }, { "category": "general", "text": 
"The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0192" }, { "category": "external", "summary": "RHBZ#1219212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219212" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0192", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0192" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0192", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0192" } ], "release_date": "2015-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2015-06-11T13:21:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1091" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", 
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified Java sandbox restrictions bypass" }, { "cve": "CVE-2015-0458", "discovery_date": "2015-04-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1211771" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", 
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0458" }, { "category": "external", "summary": "RHBZ#1211771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0458", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0458" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0458", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0458" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA" } ], "release_date": "2015-04-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-06-11T13:21:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant 
to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1091" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", 
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment)" }, { "cve": "CVE-2015-0459", "discovery_date": "2015-04-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1211768" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", 
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0459" }, { "category": "external", "summary": "RHBZ#1211768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211768" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0459", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0459" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA" } ], "release_date": "2015-04-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-06-11T13:21:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply 
this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1091" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", 
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)" }, { "cve": "CVE-2015-0469", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2015-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1210829" } ], "notes": [ { "category": "description", "text": "An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. 
A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0469" }, { "category": "external", "summary": "RHBZ#1210829", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1210829" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0469", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0469" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0469", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0469" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA" } ], "release_date": "2015-04-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-06-11T13:21:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", 
"6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1091" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)" }, { "cve": "CVE-2015-0477", "discovery_date": "2015-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1211299" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in the Beans component in OpenJDK. 
An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0477" }, { "category": "external", "summary": "RHBZ#1211299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211299" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2015-0477", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0477" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0477", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0477" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA" } ], "release_date": "2015-04-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-06-11T13:21:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2015:1091" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)" }, { "acknowledgments": [ { "names": [ "Florian Weimer" ], "organization": "Red Hat Product Security", "summary": "This issue was discovered by Red Hat." 
} ], "cve": "CVE-2015-0478", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2015-01-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1210355" } ], "notes": [ { "category": "description", "text": "It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", 
"6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0478" }, { "category": "external", "summary": "RHBZ#1210355", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210355" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0478", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0478" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0478", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0478" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA" }, { "category": "external", "summary": "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf", "url": "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf" }, { "category": "external", "summary": "https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/", "url": "https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/" } ], "release_date": "2015-04-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-06-11T13:21:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", 
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1091" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", 
"6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)" }, { "cve": "CVE-2015-0480", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2015-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1211504" } ], "notes": [ { "category": "description", "text": "A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: jar directory traversal issues (Tools, 8064601)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", 
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0480" }, { "category": "external", "summary": "RHBZ#1211504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211504" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0480", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0480" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0480", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0480" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA" } ], "release_date": "2005-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-06-11T13:21:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", 
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1091" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", 
"6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: jar directory traversal issues (Tools, 8064601)" }, { "cve": "CVE-2015-0488", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "discovery_date": "2015-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1211543" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", 
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0488" }, { "category": "external", "summary": "RHBZ#1211543", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211543" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0488", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0488" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0488", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0488" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA" } ], "release_date": "2015-04-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-06-11T13:21:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", 
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1091" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", 
"6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)" }, { "cve": "CVE-2015-0491", "discovery_date": "2015-04-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1211769" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", 
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0491" }, { "category": "external", "summary": "RHBZ#1211769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211769" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0491", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0491" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0491", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0491" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA" } ], "release_date": "2015-04-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-06-11T13:21:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", 
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1091" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", 
"6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)" }, { "cve": "CVE-2015-1914", "discovery_date": "2015-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1219215" } ], "notes": [ { "category": "description", "text": "IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass \"permission checks\" and obtain sensitive information via vectors related to the Java Virtual Machine.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified partial Java sandbox restrictions bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", 
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1914" }, { "category": "external", "summary": "RHBZ#1219215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219215" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1914", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1914" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1914", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1914" } ], "release_date": "2015-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-06-11T13:21:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", 
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1091" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" 
] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified partial Java sandbox restrictions bypass" }, { "cve": "CVE-2015-2808", "discovery_date": "2015-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1207101" } ], "notes": [ { "category": "description", "text": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is related to the design of the RC4 protocol and not its implementation. Therefore there are no plans to correct this issue in Red Hat Enterprise Linux 5, 6 and 7. 
Future updates may disable the use of RC4 in various components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-2808" }, { "category": "external", "summary": "RHBZ#1207101", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207101" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-2808", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-2808", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-2808" }, { "category": "external", "summary": "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", "url": "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf" } ], "release_date": "2015-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-06-11T13:21:29+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1091" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", 
"integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.src", "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5.x86_64", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.s390x", "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5.x86_64", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.