rhsa-2008_0245
Vulnerability from csaf_redhat
Published
2008-04-28 09:22
Modified
2024-11-14 10:06
Summary
Red Hat Security Advisory: java-1.6.0-bea security update
Notes
Topic
Updated java-1.6.0-bea packages that correct several security issues are
now available for Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The BEA WebLogic JRockit 1.6.0_03 JRE and SDK contain BEA WebLogic JRockit
Virtual Machine 1.6.0_03, and are certified for the Java 6 Platform,
Standard Edition, v1.6.0.
The Java XML parsing code processed external entity references even when
the "external general entities" property was set to "FALSE". This allowed
remote attackers to conduct XML External Entity (XXE) attacks, possibly
causing a denial of service, or gaining access to restricted resources.
(CVE-2008-0628)
A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)
A flaw was found in the JRE image parsing libraries. An untrusted
application or applet could cause a denial of service, or possible execute
arbitrary code with the permissions of the user running the JRE.
(CVE-2008-1193)
A flaw was found in the JRE color management library. An untrusted
application or applet could trigger a denial of service (JVM crash).
(CVE-2008-1194)
The vulnerabilities concerning applets listed above can only be triggered
in java-1.6.0-bea, by calling the "appletviewer" application.
Users of java-1.6.0-bea are advised to upgrade to these updated packages,
which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.6.0-bea packages that correct several security issues are\nnow available for Red Hat Enterprise Linux 5 Supplementary. \n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The BEA WebLogic JRockit 1.6.0_03 JRE and SDK contain BEA WebLogic JRockit\nVirtual Machine 1.6.0_03, and are certified for the Java 6 Platform,\nStandard Edition, v1.6.0.\n\nThe Java XML parsing code processed external entity references even when\nthe \"external general entities\" property was set to \"FALSE\". This allowed\nremote attackers to conduct XML External Entity (XXE) attacks, possibly\ncausing a denial of service, or gaining access to restricted resources.\n(CVE-2008-0628)\n\nA flaw was found in the Java XSLT processing classes. An untrusted\napplication or applet could cause a denial of service, or execute arbitrary\ncode with the permissions of the user running the JRE. (CVE-2008-1187)\n\nA flaw was found in the JRE image parsing libraries. An untrusted\napplication or applet could cause a denial of service, or possible execute\narbitrary code with the permissions of the user running the JRE.\n(CVE-2008-1193)\n\nA flaw was found in the JRE color management library. An untrusted\napplication or applet could trigger a denial of service (JVM crash).\n(CVE-2008-1194)\n\nThe vulnerabilities concerning applets listed above can only be triggered\nin java-1.6.0-bea, by calling the \"appletviewer\" application.\n\nUsers of java-1.6.0-bea are advised to upgrade to these updated packages,\nwhich resolve these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0245", "url": "https://access.redhat.com/errata/RHSA-2008:0245" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "431416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431416" }, { "category": "external", "summary": "436030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030" }, { "category": "external", "summary": "436296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0245.json" } ], "title": "Red Hat Security Advisory: java-1.6.0-bea security update", "tracking": { "current_release_date": "2024-11-14T10:06:09+00:00", "generator": { "date": "2024-11-14T10:06:09+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2008:0245", "initial_release_date": "2008-04-28T09:22:00+00:00", "revision_history": [ { "date": "2008-04-28T09:22:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-04-28T05:22:21+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:06:09+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "product": { "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "product_id": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-bea-demo@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "product": { "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "product_id": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-bea-devel@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "product": { "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "product_id": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-bea-src@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "product": { "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "product_id": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-bea-missioncontrol@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "product": { "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "product_id": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-bea-jdbc@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "product": { "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "product_id": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-bea@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "product": { "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "product_id": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-bea-demo@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "product": { "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "product_id": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-bea-devel@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64", "product": { "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64", "product_id": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-bea-src@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "product": { "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "product_id": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-bea-missioncontrol@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "product": { "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "product_id": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-bea-jdbc@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "product": { "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "product_id": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-bea@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686" }, "product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686" }, "product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686" }, "product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686" }, "product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686" }, "product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686" }, "product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686" }, "product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686" }, "product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686" }, "product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686" }, "product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686" }, "product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686" }, "product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64" }, "product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-0628", "discovery_date": "2008-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "431416" } ], "notes": [ { "category": "description", "text": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "java-1.6.0 default external entity processing", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0628" }, { "category": "external", "summary": "RHBZ#431416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431416" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0628", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0628" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0628", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0628" } ], "release_date": "2008-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-04-28T09:22:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0245" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "java-1.6.0 default external entity processing" }, { "cve": "CVE-2008-1187", "discovery_date": "2008-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "436030" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.", "title": "Vulnerability description" }, { "category": "summary", "text": "Untrusted applet and application XSLT processing privilege escalation", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1187" }, { "category": "external", "summary": "RHBZ#436030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1187", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1187" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187" } ], "release_date": "2008-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-04-28T09:22:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0245" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Untrusted applet and application XSLT processing privilege escalation" }, { "cve": "CVE-2008-1193", "discovery_date": "2008-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "436296" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.", "title": "Vulnerability description" }, { "category": "summary", "text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1193" }, { "category": "external", "summary": "RHBZ#436296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1193", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1193" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193" } ], "release_date": "2008-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-04-28T09:22:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0245" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)" }, { "cve": "CVE-2008-1194", "discovery_date": "2008-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "436296" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1194" }, { "category": "external", "summary": "RHBZ#436296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1194", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1194" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194" } ], "release_date": "2008-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-04-28T09:22:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686", "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0245" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.