rhsa-2010_0339
Vulnerability from csaf_redhat
Published
2010-04-01 00:14
Modified
2024-11-05 17:15
Summary
Red Hat Security Advisory: java-1.6.0-openjdk security update
Notes
Topic
Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications written
using the Java programming language.
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. (CVE-2009-3555)
This update disables renegotiation in the Java Secure Socket Extension
(JSSE) component. Unsafe renegotiation can be re-enabled using the
sun.security.ssl.allowUnsafeRenegotiation property. Refer to the following
Knowledgebase article for details:
http://kbase.redhat.com/faq/docs/DOC-20491
A number of flaws have been fixed in the Java Virtual Machine (JVM) and in
various Java class implementations. These flaws could allow an unsigned
applet or application to bypass intended access restrictions.
(CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0094)
An untrusted applet could access clipboard information if a drag operation
was performed over that applet's canvas. This could lead to an information
leak. (CVE-2010-0091)
The rawIndex operation incorrectly handled large values, causing the
corruption of internal memory structures, resulting in an untrusted applet
or application crashing. (CVE-2010-0092)
The System.arraycopy operation incorrectly handled large index values,
potentially causing array corruption in an untrusted applet or application.
(CVE-2010-0093)
Subclasses of InetAddress may incorrectly interpret network addresses,
allowing an untrusted applet or application to bypass network access
restrictions. (CVE-2010-0095)
In certain cases, type assignments could result in "non-exact" interface
types. This could be used to bypass type-safety restrictions.
(CVE-2010-0845)
A buffer overflow flaw in LittleCMS (embedded in OpenJDK) could cause an
untrusted applet or application using color profiles from untrusted sources
to crash. (CVE-2010-0838)
An input validation flaw was found in the JRE unpack200 functionality. An
untrusted applet or application could use this flaw to elevate its
privileges. (CVE-2010-0837)
Deferred calls to trusted applet methods could be granted incorrect
permissions, allowing an untrusted applet or application to extend its
privileges. (CVE-2010-0840)
A missing input validation flaw in the JRE could allow an attacker to crash
an untrusted applet or application. (CVE-2010-0848)
A flaw in Java2D could allow an attacker to execute arbitrary code with the
privileges of a user running an untrusted applet or application that uses
Java2D. (CVE-2010-0847)
Note: The flaws concerning applets in this advisory, CVE-2010-0082,
CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0092,
CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,
CVE-2010-0840, CVE-2010-0847, and CVE-2010-0848, can only be triggered in
java-1.6.0-openjdk by calling the "appletviewer" application.
This update also provides three defense in depth patches. (BZ#575745,
BZ#575861, BZ#575789)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client\u0027s\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker\u0027s request as if authenticated using the\nvictim\u0027s credentials. (CVE-2009-3555)\n\nThis update disables renegotiation in the Java Secure Socket Extension\n(JSSE) component. Unsafe renegotiation can be re-enabled using the\nsun.security.ssl.allowUnsafeRenegotiation property. Refer to the following\nKnowledgebase article for details:\nhttp://kbase.redhat.com/faq/docs/DOC-20491\n\nA number of flaws have been fixed in the Java Virtual Machine (JVM) and in\nvarious Java class implementations. These flaws could allow an unsigned\napplet or application to bypass intended access restrictions.\n(CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0094)\n\nAn untrusted applet could access clipboard information if a drag operation\nwas performed over that applet\u0027s canvas. This could lead to an information\nleak. (CVE-2010-0091)\n\nThe rawIndex operation incorrectly handled large values, causing the\ncorruption of internal memory structures, resulting in an untrusted applet\nor application crashing. (CVE-2010-0092)\n\nThe System.arraycopy operation incorrectly handled large index values,\npotentially causing array corruption in an untrusted applet or application.\n(CVE-2010-0093)\n\nSubclasses of InetAddress may incorrectly interpret network addresses,\nallowing an untrusted applet or application to bypass network access\nrestrictions. (CVE-2010-0095)\n\nIn certain cases, type assignments could result in \"non-exact\" interface\ntypes. This could be used to bypass type-safety restrictions.\n(CVE-2010-0845)\n\nA buffer overflow flaw in LittleCMS (embedded in OpenJDK) could cause an\nuntrusted applet or application using color profiles from untrusted sources\nto crash. (CVE-2010-0838)\n\nAn input validation flaw was found in the JRE unpack200 functionality. An\nuntrusted applet or application could use this flaw to elevate its\nprivileges. (CVE-2010-0837)\n\nDeferred calls to trusted applet methods could be granted incorrect\npermissions, allowing an untrusted applet or application to extend its\nprivileges. (CVE-2010-0840)\n\nA missing input validation flaw in the JRE could allow an attacker to crash\nan untrusted applet or application. (CVE-2010-0848)\n\nA flaw in Java2D could allow an attacker to execute arbitrary code with the\nprivileges of a user running an untrusted applet or application that uses\nJava2D. (CVE-2010-0847)\n\nNote: The flaws concerning applets in this advisory, CVE-2010-0082,\nCVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0092,\nCVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,\nCVE-2010-0840, CVE-2010-0847, and CVE-2010-0848, can only be triggered in\njava-1.6.0-openjdk by calling the \"appletviewer\" application.\n\nThis update also provides three defense in depth patches. (BZ#575745,\nBZ#575861, BZ#575789)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0339",
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://kbase.redhat.com/faq/docs/DOC-20491",
"url": "http://kbase.redhat.com/faq/docs/DOC-20491"
},
{
"category": "external",
"summary": "533125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
},
{
"category": "external",
"summary": "575736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575736"
},
{
"category": "external",
"summary": "575740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740"
},
{
"category": "external",
"summary": "575745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575745"
},
{
"category": "external",
"summary": "575747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747"
},
{
"category": "external",
"summary": "575755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755"
},
{
"category": "external",
"summary": "575756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756"
},
{
"category": "external",
"summary": "575760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575760"
},
{
"category": "external",
"summary": "575764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575764"
},
{
"category": "external",
"summary": "575769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575769"
},
{
"category": "external",
"summary": "575772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772"
},
{
"category": "external",
"summary": "575775",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575775"
},
{
"category": "external",
"summary": "575789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575789"
},
{
"category": "external",
"summary": "575808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575808"
},
{
"category": "external",
"summary": "575818",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575818"
},
{
"category": "external",
"summary": "575846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846"
},
{
"category": "external",
"summary": "575861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575861"
},
{
"category": "external",
"summary": "575865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865"
},
{
"category": "external",
"summary": "575871",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575871"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0339.json"
}
],
"title": "Red Hat Security Advisory: java-1.6.0-openjdk security update",
"tracking": {
"current_release_date": "2024-11-05T17:15:19+00:00",
"generator": {
"date": "2024-11-05T17:15:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2010:0339",
"initial_release_date": "2010-04-01T00:14:00+00:00",
"revision_history": [
{
"date": "2010-04-01T00:14:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-03-31T20:14:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T17:15:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.11.b16.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.11.b16.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.11.b16.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.11.b16.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.11.b16.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.11.b16.el5?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.11.b16.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.11.b16.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.11.b16.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.11.b16.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.11.b16.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.11.b16.el5?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.11.b16.el5?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-3555",
"cwe": {
"id": "CWE-300",
"name": "Channel Accessible by Non-Endpoint"
},
"discovery_date": "2009-10-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "533125"
}
],
"notes": [
{
"category": "description",
"text": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "TLS: MITM attacks via session renegotiation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3555"
},
{
"category": "external",
"summary": "RHBZ#533125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3555",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555"
}
],
"release_date": "2009-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "TLS: MITM attacks via session renegotiation"
},
{
"cve": "CVE-2010-0082",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575736"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0082"
},
{
"category": "external",
"summary": "RHBZ#575736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0082",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0082"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0082",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0082"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)"
},
{
"cve": "CVE-2010-0084",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575740"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0084"
},
{
"category": "external",
"summary": "RHBZ#575740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)"
},
{
"cve": "CVE-2010-0085",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575747"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK File TOCTOU deserialization vulnerability (6736390)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0085"
},
{
"category": "external",
"summary": "RHBZ#575747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0085",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK File TOCTOU deserialization vulnerability (6736390)"
},
{
"cve": "CVE-2010-0088",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575755"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Inflater/Deflater clone issues (6745393)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0088"
},
{
"category": "external",
"summary": "RHBZ#575755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0088",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0088"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK Inflater/Deflater clone issues (6745393)"
},
{
"cve": "CVE-2010-0091",
"discovery_date": "2008-07-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575756"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0091"
},
{
"category": "external",
"summary": "RHBZ#575756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0091",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0091"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)"
},
{
"cve": "CVE-2010-0092",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575760"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error (6888149)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0092"
},
{
"category": "external",
"summary": "RHBZ#575760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575760"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0092",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0092"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error (6888149)"
},
{
"cve": "CVE-2010-0093",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575764"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0093"
},
{
"category": "external",
"summary": "RHBZ#575764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575764"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0093",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0093"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0093",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0093"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)"
},
{
"cve": "CVE-2010-0094",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575769"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0094"
},
{
"category": "external",
"summary": "RHBZ#575769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575769"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0094",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0094"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)"
},
{
"cve": "CVE-2010-0095",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575772"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0095"
},
{
"category": "external",
"summary": "RHBZ#575772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)"
},
{
"cve": "CVE-2010-0837",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575818"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK JAR \"unpack200\" must verify input parameters (6902299)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0837"
},
{
"category": "external",
"summary": "RHBZ#575818",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575818"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0837",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0837"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0837",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0837"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK JAR \"unpack200\" must verify input parameters (6902299)"
},
{
"cve": "CVE-2010-0838",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575808"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0838"
},
{
"category": "external",
"summary": "RHBZ#575808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0838",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0838"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0838",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0838"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)"
},
{
"cve": "CVE-2010-0840",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575846"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) \"a similar trust issue with interfaces,\" aka \"Trusted Methods Chaining Remote Code Execution Vulnerability.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0840"
},
{
"category": "external",
"summary": "RHBZ#575846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)"
},
{
"cve": "CVE-2010-0845",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575775"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0845"
},
{
"category": "external",
"summary": "RHBZ#575775",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575775"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0845",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0845"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)"
},
{
"cve": "CVE-2010-0847",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575871"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0847"
},
{
"category": "external",
"summary": "RHBZ#575871",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575871"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0847"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)"
},
{
"cve": "CVE-2010-0848",
"discovery_date": "2010-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "575865"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0848"
},
{
"category": "external",
"summary": "RHBZ#575865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0848",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0848"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848"
}
],
"release_date": "2010-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-01T00:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0339"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)"
}
]
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.