rhsa-2010_0338
Vulnerability from csaf_redhat
Published
2010-04-01 02:56
Modified
2024-11-14 10:48
Summary
Red Hat Security Advisory: java-1.5.0-sun security update
Notes
Topic
The java-1.5.0-sun packages as shipped in Red Hat Enterprise Linux 4 Extras
and 5 Supplementary contain security flaws and should not be used.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and
the Sun Java 5 Software Development Kit.
The java-1.5.0-sun packages are vulnerable to a number of security flaws
and should no longer be used. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,
CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091,
CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,
CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842,
CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847,
CVE-2010-0848, CVE-2010-0849)
The Sun Java SE Release family 5.0 reached its End of Service Life on
November 3, 2009. The RHSA-2009:1571 update provided the final publicly
available update of version 5.0 (Update 22). Users interested in continuing
to receive critical fixes for Sun Java SE 5.0 should contact Oracle:
http://www.sun.com/software/javaforbusiness/index.jsp
An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the
IBM Developer Kit for Linux, which is available from the Extras and
Supplementary channels on the Red Hat Network.
Applications capable of using the Java 6 runtime can be migrated to Java 6
on: OpenJDK (java-1.6.0-openjdk), an open source JDK included in Red Hat
Enterprise Linux 5, since 5.3; the IBM JDK, java-1.6.0-ibm; or the Sun JDK,
java-1.6.0-sun.
This update removes the java-1.5.0-sun packages as they have reached their
End of Service Life.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The java-1.5.0-sun packages as shipped in Red Hat Enterprise Linux 4 Extras\nand 5 Supplementary contain security flaws and should not be used.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThe java-1.5.0-sun packages are vulnerable to a number of security flaws\nand should no longer be used. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,\nCVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091,\nCVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,\nCVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842,\nCVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847,\nCVE-2010-0848, CVE-2010-0849)\n\nThe Sun Java SE Release family 5.0 reached its End of Service Life on\nNovember 3, 2009. The RHSA-2009:1571 update provided the final publicly\navailable update of version 5.0 (Update 22). Users interested in continuing\nto receive critical fixes for Sun Java SE 5.0 should contact Oracle:\n\nhttp://www.sun.com/software/javaforbusiness/index.jsp\n\nAn alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the\nIBM Developer Kit for Linux, which is available from the Extras and\nSupplementary channels on the Red Hat Network.\n\nApplications capable of using the Java 6 runtime can be migrated to Java 6\non: OpenJDK (java-1.6.0-openjdk), an open source JDK included in Red Hat\nEnterprise Linux 5, since 5.3; the IBM JDK, java-1.6.0-ibm; or the Sun JDK,\njava-1.6.0-sun.\n\nThis update removes the java-1.5.0-sun packages as they have reached their\nEnd of Service Life.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0338", "url": "https://access.redhat.com/errata/RHSA-2010:0338" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html", "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html" }, { "category": "external", "summary": "533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "575736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575736" }, { "category": "external", "summary": "575740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740" }, { "category": "external", "summary": "575747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747" }, { "category": "external", "summary": "575755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755" }, { "category": "external", "summary": "575756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756" }, { "category": "external", "summary": "575760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575760" }, { "category": "external", "summary": "575764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575764" }, { "category": "external", "summary": "575769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575769" }, { "category": "external", "summary": "575772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772" }, { "category": "external", "summary": "575775", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575775" }, { "category": "external", "summary": "575808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575808" }, { "category": "external", "summary": "575818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575818" }, { "category": "external", "summary": "575846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846" }, { "category": "external", "summary": "575854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575854" }, { "category": "external", "summary": "575865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865" }, { "category": "external", "summary": "575871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575871" }, { "category": "external", "summary": "578430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578430" }, { "category": "external", "summary": "578432", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578432" }, { "category": "external", "summary": "578433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578433" }, { "category": "external", "summary": "578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "578440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578440" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0338.json" } ], "title": "Red Hat Security Advisory: java-1.5.0-sun security update", "tracking": { "current_release_date": "2024-11-14T10:48:44+00:00", "generator": { "date": "2024-11-14T10:48:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2010:0338", "initial_release_date": "2010-04-01T02:56:00+00:00", "revision_history": [ { "date": "2010-04-01T02:56:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-04-01T00:04:18+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:48:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::server" } } }, { "category": "product_name", "name": "RHEL Supplementary (v. 5.2.Z server)", "product": { "name": "RHEL Supplementary (v. 5.2.Z server)", "product_id": "5Server-Supplementary-5.2.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5" } } }, { "category": "product_name", "name": "RHEL Supplementary (v. 5.3.Z server)", "product": { "name": "RHEL Supplementary (v. 5.3.Z server)", "product_id": "5Server-Supplementary-5.3.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4.7.z Extras", "product": { "name": "Red Hat Enterprise Linux AS version 4.7.z Extras", "product_id": "4AS-4.7.z-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4.7.z" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4.7.z Extras", "product": { "name": "Red Hat Enterprise Linux ES version 4.7.z Extras", "product_id": "4ES-4.7.z-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4.7.z" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Desktop version 4 Extras", "product": { "name": "Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4 Extras", "product": { "name": "Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "product": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "product_id": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-sun-uninstall@1.5.0.22-1jpp.3.el5?arch=x86_64" } } }, { "category": "product_version", "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "product": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "product_id": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-sun-uninstall@1.5.0.22-1jpp.3.el4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "product": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "product_id": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-sun-uninstall@1.5.0.22-1jpp.3.el5?arch=i586" } } }, { "category": "product_version", "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "product": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "product_id": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-sun-uninstall@1.5.0.22-1jpp.3.el4?arch=i586" } } } ], "category": "architecture", "name": "i586" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586 as a component of Red Hat Enterprise Linux AS version 4.7.z Extras", "product_id": "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "relates_to_product_reference": "4AS-4.7.z-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4.7.z Extras", "product_id": "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "relates_to_product_reference": "4AS-4.7.z-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586 as a component of Red Hat Enterprise Linux ES version 4.7.z Extras", "product_id": "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "relates_to_product_reference": "4ES-4.7.z-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4.7.z Extras", "product_id": "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "relates_to_product_reference": "4ES-4.7.z-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586 as a component of RHEL Supplementary (v. 5.2.Z server)", "product_id": "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "relates_to_product_reference": "5Server-Supplementary-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64 as a component of RHEL Supplementary (v. 5.2.Z server)", "product_id": "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586 as a component of RHEL Supplementary (v. 5.3.Z server)", "product_id": "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "relates_to_product_reference": "5Server-Supplementary-5.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64 as a component of RHEL Supplementary (v. 5.3.Z server)", "product_id": "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary-5.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" }, "product_reference": "java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-3555", "cwe": { "id": "CWE-300", "name": "Channel Accessible by Non-Endpoint" }, "discovery_date": "2009-10-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "533125" } ], "notes": [ { "category": "description", "text": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "TLS: MITM attacks via session renegotiation", "title": "Vulnerability summary" }, { "category": "other", "text": "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3555" }, { "category": "external", "summary": "RHBZ#533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3555", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555" } ], "release_date": "2009-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "TLS: MITM attacks via session renegotiation" }, { "cve": "CVE-2010-0082", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575736" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0082" }, { "category": "external", "summary": "RHBZ#575736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575736" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0082", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0082" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0082", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0082" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)" }, { "cve": "CVE-2010-0084", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575740" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0084" }, { "category": "external", "summary": "RHBZ#575740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)" }, { "cve": "CVE-2010-0085", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575747" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK File TOCTOU deserialization vulnerability (6736390)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0085" }, { "category": "external", "summary": "RHBZ#575747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0085", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0085" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK File TOCTOU deserialization vulnerability (6736390)" }, { "cve": "CVE-2010-0087", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578433" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in JWS/Plugin component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0087" }, { "category": "external", "summary": "RHBZ#578433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578433" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0087", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0087" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0087", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0087" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in JWS/Plugin component" }, { "cve": "CVE-2010-0088", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575755" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Inflater/Deflater clone issues (6745393)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0088" }, { "category": "external", "summary": "RHBZ#575755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0088", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Inflater/Deflater clone issues (6745393)" }, { "cve": "CVE-2010-0089", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578440" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in JavaWS/Plugin component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0089" }, { "category": "external", "summary": "RHBZ#578440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578440" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0089", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0089" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0089", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0089" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK unspecified vulnerability in JavaWS/Plugin component" }, { "cve": "CVE-2010-0091", "discovery_date": "2008-07-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575756" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0091" }, { "category": "external", "summary": "RHBZ#575756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)" }, { "cve": "CVE-2010-0092", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575760" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error (6888149)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0092" }, { "category": "external", "summary": "RHBZ#575760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575760" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0092", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0092" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0092", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0092" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error (6888149)" }, { "cve": "CVE-2010-0093", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575764" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0093" }, { "category": "external", "summary": "RHBZ#575764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575764" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0093", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0093" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0093", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0093" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)" }, { "cve": "CVE-2010-0094", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575769" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0094" }, { "category": "external", "summary": "RHBZ#575769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575769" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0094", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0094" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0094", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0094" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)" }, { "cve": "CVE-2010-0095", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575772" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0095" }, { "category": "external", "summary": "RHBZ#575772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0095", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)" }, { "cve": "CVE-2010-0837", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575818" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JAR \"unpack200\" must verify input parameters (6902299)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0837" }, { "category": "external", "summary": "RHBZ#575818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575818" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0837", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0837" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0837", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0837" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK JAR \"unpack200\" must verify input parameters (6902299)" }, { "cve": "CVE-2010-0838", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575808" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0838" }, { "category": "external", "summary": "RHBZ#575808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575808" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0838", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0838" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0838", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0838" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)" }, { "cve": "CVE-2010-0839", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0839" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0839", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0839" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0839", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0839" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0840", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575846" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) \"a similar trust issue with interfaces,\" aka \"Trusted Methods Chaining Remote Code Execution Vulnerability.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0840" }, { "category": "external", "summary": "RHBZ#575846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0840", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-05-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)" }, { "cve": "CVE-2010-0841", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575854" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and \"stepX\".", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0841" }, { "category": "external", "summary": "RHBZ#575854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575854" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0841", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0841" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0841", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0841" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)" }, { "cve": "CVE-2010-0842", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0842" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0842", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0842" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0842", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0842" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0843", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0843" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0843", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0843" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0843", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0843" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0844", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0844" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0844", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0844" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0844", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0844" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0845", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575775" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0845" }, { "category": "external", "summary": "RHBZ#575775", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575775" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0845", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0845" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0845", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0845" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)" }, { "cve": "CVE-2010-0846", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578430" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an \"invalid assignment\" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in ImageIO component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0846" }, { "category": "external", "summary": "RHBZ#578430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578430" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0846", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0846" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0846", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0846" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in ImageIO component" }, { "cve": "CVE-2010-0847", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575871" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0847" }, { "category": "external", "summary": "RHBZ#575871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575871" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0847", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0847" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)" }, { "cve": "CVE-2010-0848", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575865" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0848" }, { "category": "external", "summary": "RHBZ#575865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0848", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0848" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)" }, { "cve": "CVE-2010-0849", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578432" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Java2D component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0849" }, { "category": "external", "summary": "RHBZ#578432", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578432" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0849", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0849" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0849", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0849" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-04-01T02:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0338" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4AS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4Desktop-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-4.7.z-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4ES-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.i586", "4WS-LACD:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4.x86_64", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Client-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.2.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary-5.3.Z:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.i586", "5Server-Supplementary:java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in Java2D component" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.