rhsa-2009_0466
Vulnerability from csaf_redhat
Published
2009-05-07 11:45
Modified
2024-11-14 10:07
Summary
Red Hat Security Advisory: java-1.5.0-ibm security update
Notes
Topic
Updated java-1.5.0-ibm packages that fix several security issues are now
available for Red Hat Network Satellite Server.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
This update corrects several security vulnerabilities in the IBM Java 2
Runtime Environment and the IBM Java 2 Software Development Kit, shipped as
part of Red Hat Network Satellite Server. In a typical operating
environment, these are of low security risk as the runtime is not used on
untrusted applets.
Several vulnerabilities were discovered in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. These
vulnerabilities are summarized on the IBM "Security alerts" page listed in
the References section. (CVE-2008-3103, CVE-2008-5345, CVE-2008-5346,
CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352,
CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5359,
CVE-2008-5360)
All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.5.0 SR9 Java release. All running instances
of IBM Java must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.5.0-ibm packages that fix several security issues are now\navailable for Red Hat Network Satellite Server.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", "title": "Topic" }, { "category": "general", "text": "This update corrects several security vulnerabilities in the IBM Java 2\nRuntime Environment and the IBM Java 2 Software Development Kit, shipped as\npart of Red Hat Network Satellite Server. In a typical operating\nenvironment, these are of low security risk as the runtime is not used on\nuntrusted applets.\n\nSeveral vulnerabilities were discovered in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2008-3103, CVE-2008-5345, CVE-2008-5346,\nCVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352,\nCVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5359,\nCVE-2008-5360)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:0466", "url": "https://access.redhat.com/errata/RHSA-2009:0466" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "http://www-128.ibm.com/developerworks/java/jdk/alerts/", "url": "http://www-128.ibm.com/developerworks/java/jdk/alerts/" }, { "category": "external", "summary": "452659", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452659" }, { "category": "external", "summary": "472201", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472201" }, { "category": "external", "summary": "472206", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472206" }, { "category": "external", "summary": "472209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472209" }, { "category": "external", "summary": "472211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472211" }, { "category": "external", "summary": "472212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472212" }, { "category": "external", "summary": "472213", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472213" }, { "category": "external", "summary": "472218", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472218" }, { "category": "external", "summary": "472224", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472224" }, { "category": "external", "summary": "472228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472228" }, { "category": "external", "summary": "472231", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472231" }, { "category": "external", "summary": "472233", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472233" }, { "category": "external", "summary": "474793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474793" }, { "category": "external", "summary": "474794", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474794" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0466.json" } ], "title": "Red Hat Security Advisory: java-1.5.0-ibm security update", "tracking": { "current_release_date": "2024-11-14T10:07:35+00:00", "generator": { "date": "2024-11-14T10:07:35+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2009:0466", "initial_release_date": "2009-05-07T11:45:00+00:00", "revision_history": [ { "date": "2009-05-07T11:45:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-05-07T07:45:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:07:35+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite 5.2 (RHEL v.5)", "product": { "name": "Red Hat Satellite 5.2 (RHEL v.5)", "product_id": "5Server-Satellite", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.2::el5" } } }, { "category": "product_name", "name": "Red Hat Satellite 5.2 (RHEL v.4 AS)", "product": { "name": "Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.2::el4" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "product": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "product_id": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm-devel@1.5.0.9-1jpp.2.el5?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "product": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "product_id": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm@1.5.0.9-1jpp.2.el5?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "product": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "product_id": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm-devel@1.5.0.9-1jpp.4.el4?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "product": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "product_id": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm@1.5.0.9-1jpp.4.el4?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64", "product": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64", "product_id": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm-devel@1.5.0.9-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "product": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "product_id": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm@1.5.0.9-1jpp.2.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "product": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "product_id": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm-devel@1.5.0.9-1jpp.4.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "product": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "product_id": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm@1.5.0.9-1jpp.4.el4?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "product": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "product_id": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm-devel@1.5.0.9-1jpp.2.el5?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "product": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "product_id": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm@1.5.0.9-1jpp.2.el5?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "product": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "product_id": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm-devel@1.5.0.9-1jpp.4.el4?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "product": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "product_id": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm@1.5.0.9-1jpp.4.el4?arch=i386\u0026epoch=1" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "product": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "product_id": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm@1.5.0.9-1jpp.2.el5?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "product": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "product_id": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm@1.5.0.9-1jpp.4.el4?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "product": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "product_id": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm-devel@1.5.0.9-1jpp.4.el4?arch=s390\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "product": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "product_id": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm@1.5.0.9-1jpp.4.el4?arch=s390\u0026epoch=1" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386 as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386" }, "product_reference": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390 as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390" }, "product_reference": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x" }, "product_reference": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src" }, "product_reference": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64 as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64" }, "product_reference": "java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386 as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386" }, "product_reference": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390 as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390" }, "product_reference": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x" }, "product_reference": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64 as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64" }, "product_reference": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386 as a component of Red Hat Satellite 5.2 (RHEL v.5)", "product_id": "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386" }, "product_reference": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "relates_to_product_reference": "5Server-Satellite" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x as a component of Red Hat Satellite 5.2 (RHEL v.5)", "product_id": "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x" }, "product_reference": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "relates_to_product_reference": "5Server-Satellite" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src as a component of Red Hat Satellite 5.2 (RHEL v.5)", "product_id": "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src" }, "product_reference": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "relates_to_product_reference": "5Server-Satellite" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64 as a component of Red Hat Satellite 5.2 (RHEL v.5)", "product_id": "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64" }, "product_reference": "java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Satellite" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386 as a component of Red Hat Satellite 5.2 (RHEL v.5)", "product_id": "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386" }, "product_reference": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "relates_to_product_reference": "5Server-Satellite" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x as a component of Red Hat Satellite 5.2 (RHEL v.5)", "product_id": "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x" }, "product_reference": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "relates_to_product_reference": "5Server-Satellite" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64 as a component of Red Hat Satellite 5.2 (RHEL v.5)", "product_id": "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" }, "product_reference": "java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64", "relates_to_product_reference": "5Server-Satellite" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-3103", "discovery_date": "2008-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "452659" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to \"perform unauthorized operations\" via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JMX allows illegal operations with local monitoring (6332953)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3103" }, { "category": "external", "summary": "RHBZ#452659", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452659" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3103", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3103" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3103", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3103" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK JMX allows illegal operations with local monitoring (6332953)" }, { "cve": "CVE-2008-5345", "discovery_date": "2008-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "474793" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JRE allows unauthorized file access and connections to localhost", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5345" }, { "category": "external", "summary": "RHBZ#474793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474793" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5345", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5345" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5345", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5345" } ], "release_date": "2008-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JRE allows unauthorized file access and connections to localhost" }, { "cve": "CVE-2008-5346", "discovery_date": "2008-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "474794" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file.", "title": "Vulnerability description" }, { "category": "summary", "text": "JRE allows unauthorized memory read access via a crafted ZIP file", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5346" }, { "category": "external", "summary": "RHBZ#474794", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474794" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5346", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5346" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5346", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5346" } ], "release_date": "2008-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JRE allows unauthorized memory read access via a crafted ZIP file" }, { "cve": "CVE-2008-5348", "discovery_date": "2008-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "472209" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Denial-Of-Service in kerberos authentication (6588160)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5348" }, { "category": "external", "summary": "RHBZ#472209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472209" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5348", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5348" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5348", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5348" } ], "release_date": "2008-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Denial-Of-Service in kerberos authentication (6588160)" }, { "cve": "CVE-2008-5349", "discovery_date": "2008-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "472206" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK RSA public key length denial-of-service (6497740)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5349" }, { "category": "external", "summary": "RHBZ#472206", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472206" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5349", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5349" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5349", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5349" } ], "release_date": "2008-12-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK RSA public key length denial-of-service (6497740)" }, { "cve": "CVE-2008-5350", "discovery_date": "2008-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "472201" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user\u0027s directory via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK allows to list files within the user home directory (6484091)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5350" }, { "category": "external", "summary": "RHBZ#472201", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472201" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5350", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5350" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5350", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5350" } ], "release_date": "2008-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK allows to list files within the user home directory (6484091)" }, { "cve": "CVE-2008-5351", "discovery_date": "2008-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "472213" } ], "notes": [ { "category": "description", "text": "Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the \"shortest\" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5351" }, { "category": "external", "summary": "RHBZ#472213", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472213" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5351", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5351" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5351", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5351" } ], "release_date": "2008-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)" }, { "cve": "CVE-2008-5352", "discovery_date": "2008-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "472233" } ], "notes": [ { "category": "description", "text": "Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Jar200 Decompression buffer overflow (6755943)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5352" }, { "category": "external", "summary": "RHBZ#472233", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472233" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5352", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5352" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5352", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5352" } ], "release_date": "2008-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK Jar200 Decompression buffer overflow (6755943)" }, { "cve": "CVE-2008-5353", "discovery_date": "2008-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "472224" } ], "notes": [ { "category": "description", "text": "The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by \"deserializing Calendar objects\".", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK calendar object deserialization allows privilege escalation (6734167)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5353" }, { "category": "external", "summary": "RHBZ#472224", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472224" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5353", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5353" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5353", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5353" } ], "release_date": "2008-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK calendar object deserialization allows privilege escalation (6734167)" }, { "cve": "CVE-2008-5354", "discovery_date": "2008-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "472228" } ], "notes": [ { "category": "description", "text": "Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Privilege escalation in command line applications (6733959)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5354" }, { "category": "external", "summary": "RHBZ#472228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472228" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5354", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5354" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5354", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5354" } ], "release_date": "2008-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Privilege escalation in command line applications (6733959)" }, { "cve": "CVE-2008-5356", "discovery_date": "2008-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "472218" } ], "notes": [ { "category": "description", "text": "Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Font processing vulnerability (6733336)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5356" }, { "category": "external", "summary": "RHBZ#472218", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472218" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5356", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5356" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5356", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5356" } ], "release_date": "2008-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK Font processing vulnerability (6733336)" }, { "cve": "CVE-2008-5357", "discovery_date": "2008-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "472231" } ], "notes": [ { "category": "description", "text": "Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Truetype Font processing vulnerability (6751322)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5357" }, { "category": "external", "summary": "RHBZ#472231", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472231" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5357", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5357" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5357", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5357" } ], "release_date": "2008-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK Truetype Font processing vulnerability (6751322)" }, { "cve": "CVE-2008-5359", "discovery_date": "2008-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "472212" } ], "notes": [ { "category": "description", "text": "Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Buffer overflow in image processing (6726779)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5359" }, { "category": "external", "summary": "RHBZ#472212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472212" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5359", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5359" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5359", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5359" } ], "release_date": "2008-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK Buffer overflow in image processing (6726779)" }, { "cve": "CVE-2008-5360", "discovery_date": "2008-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "472211" } ], "notes": [ { "category": "description", "text": "Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK temporary files have guessable file names (6721753)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5360" }, { "category": "external", "summary": "RHBZ#472211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472211" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5360", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5360" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5360", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5360" } ], "release_date": "2008-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-07T11:45:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.src", "4AS-RHNSAT5.2:java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4.x86_64", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.i386", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.s390x", "4AS-RHNSAT5.2:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4.x86_64", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.src", "5Server-Satellite:java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5.x86_64", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.i386", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.s390x", "5Server-Satellite:java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0466" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK temporary files have guessable file names (6721753)" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.