rhsa-2010_0471
Vulnerability from csaf_redhat
Published
2010-06-14 23:19
Modified
2024-11-14 10:49
Summary
Red Hat Security Advisory: Red Hat Network Satellite Server IBM Java Runtime security update
Notes
Topic
Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Network Satellite Server 5.3.
The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
This update corrects several security vulnerabilities in the IBM Java
Runtime Environment shipped as part of Red Hat Network Satellite Server
5.3. In a typical operating environment, these are of low security risk as
the runtime is not used on untrusted applets.
Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089,
CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0094, CVE-2010-0095,
CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,
CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0846, CVE-2010-0848,
CVE-2010-0849)
Users of Red Hat Network Satellite Server 5.3 are advised to upgrade to
these updated java-1.6.0-ibm packages, which resolve these issues. For this
update to take effect, Red Hat Network Satellite Server must be restarted
("/usr/sbin/rhn-satellite restart"), as well as all running instances of
IBM Java.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.6.0-ibm packages that fix several security issues are now\navailable for Red Hat Network Satellite Server 5.3.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.3. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089,\nCVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0094, CVE-2010-0095,\nCVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\nCVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0846, CVE-2010-0848,\nCVE-2010-0849)\n\nUsers of Red Hat Network Satellite Server 5.3 are advised to upgrade to\nthese updated java-1.6.0-ibm packages, which resolve these issues. For this\nupdate to take effect, Red Hat Network Satellite Server must be restarted\n(\"/usr/sbin/rhn-satellite restart\"), as well as all running instances of\nIBM Java.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0471", "url": "https://access.redhat.com/errata/RHSA-2010:0471" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#low", "url": "http://www.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "575740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740" }, { "category": "external", "summary": "575747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747" }, { "category": "external", "summary": "575755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755" }, { "category": "external", "summary": "575756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756" }, { "category": "external", "summary": "575760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575760" }, { "category": "external", "summary": "575769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575769" }, { "category": "external", "summary": "575772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772" }, { "category": "external", "summary": "575808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575808" }, { "category": "external", "summary": "575818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575818" }, { "category": "external", "summary": "575846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846" }, { "category": "external", "summary": "575854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575854" }, { "category": "external", "summary": "575865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865" }, { "category": "external", "summary": "578430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578430" }, { "category": "external", "summary": "578432", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578432" }, { "category": "external", "summary": "578433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578433" }, { "category": "external", "summary": "578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "578437", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578437" }, { "category": "external", "summary": "578440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578440" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0471.json" } ], "title": "Red Hat Security Advisory: Red Hat Network Satellite Server IBM Java Runtime security update", "tracking": { "current_release_date": "2024-11-14T10:49:22+00:00", "generator": { "date": "2024-11-14T10:49:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2010:0471", "initial_release_date": "2010-06-14T23:19:00+00:00", "revision_history": [ { "date": "2010-06-14T23:19:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-06-14T19:23:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:49:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite 5.3 (RHEL v.4)", "product": { "name": "Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.3::el4" } } }, { "category": "product_name", "name": "Red Hat Satellite 5.3 (RHEL v.5)", "product": { "name": "Red Hat Satellite 5.3 (RHEL v.5)", "product_id": "5Server-Satellite53", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.3::el5" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "product": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "product_id": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.8-1jpp.1.el4?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "product": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "product_id": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.8-1jpp.1.el5?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "product": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "product_id": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.8-1jpp.1.el4?arch=s390\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.8-1jpp.1.el4?arch=s390\u0026epoch=1" } } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "product": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "product_id": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.8-1jpp.1.el4?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.8-1jpp.1.el4?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.8-1jpp.1.el5?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "product": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "product_id": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.8-1jpp.1.el5?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.8-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.8-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.8-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.8-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "product": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "product_id": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.8-1jpp.1.el4?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.8-1jpp.1.el4?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.8-1jpp.1.el5?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "product": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "product_id": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.8-1jpp.1.el5?arch=i386\u0026epoch=1" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386 as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390 as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64 as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386 as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390 as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64 as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386 as a component of Red Hat Satellite 5.3 (RHEL v.5)", "product_id": "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "relates_to_product_reference": "5Server-Satellite53" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x as a component of Red Hat Satellite 5.3 (RHEL v.5)", "product_id": "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "relates_to_product_reference": "5Server-Satellite53" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src as a component of Red Hat Satellite 5.3 (RHEL v.5)", "product_id": "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "relates_to_product_reference": "5Server-Satellite53" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64 as a component of Red Hat Satellite 5.3 (RHEL v.5)", "product_id": "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Satellite53" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386 as a component of Red Hat Satellite 5.3 (RHEL v.5)", "product_id": "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "relates_to_product_reference": "5Server-Satellite53" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x as a component of Red Hat Satellite 5.3 (RHEL v.5)", "product_id": "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "relates_to_product_reference": "5Server-Satellite53" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64 as a component of Red Hat Satellite 5.3 (RHEL v.5)", "product_id": "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Satellite53" } ] }, "vulnerabilities": [ { "cve": "CVE-2010-0084", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575740" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0084" }, { "category": "external", "summary": "RHBZ#575740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575740" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0084" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)" }, { "cve": "CVE-2010-0085", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575747" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK File TOCTOU deserialization vulnerability (6736390)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0085" }, { "category": "external", "summary": "RHBZ#575747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575747" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0085", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0085" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0085" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK File TOCTOU deserialization vulnerability (6736390)" }, { "cve": "CVE-2010-0087", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578433" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in JWS/Plugin component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0087" }, { "category": "external", "summary": "RHBZ#578433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578433" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0087", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0087" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0087", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0087" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in JWS/Plugin component" }, { "cve": "CVE-2010-0088", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575755" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Inflater/Deflater clone issues (6745393)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0088" }, { "category": "external", "summary": "RHBZ#575755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575755" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0088", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0088" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Inflater/Deflater clone issues (6745393)" }, { "cve": "CVE-2010-0089", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578440" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in JavaWS/Plugin component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0089" }, { "category": "external", "summary": "RHBZ#578440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578440" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0089", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0089" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0089", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0089" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK unspecified vulnerability in JavaWS/Plugin component" }, { "cve": "CVE-2010-0090", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578437" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in JavaWS/Plugin component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0090" }, { "category": "external", "summary": "RHBZ#578437", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578437" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0090", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0090" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0090", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0090" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in JavaWS/Plugin component" }, { "cve": "CVE-2010-0091", "discovery_date": "2008-07-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575756" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0091" }, { "category": "external", "summary": "RHBZ#575756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575756" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0091" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)" }, { "cve": "CVE-2010-0092", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575760" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error (6888149)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0092" }, { "category": "external", "summary": "RHBZ#575760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575760" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0092", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0092" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0092", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0092" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error (6888149)" }, { "cve": "CVE-2010-0094", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575769" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0094" }, { "category": "external", "summary": "RHBZ#575769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575769" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0094", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0094" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0094", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0094" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)" }, { "cve": "CVE-2010-0095", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575772" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0095" }, { "category": "external", "summary": "RHBZ#575772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575772" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0095", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0095" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)" }, { "cve": "CVE-2010-0837", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575818" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JAR \"unpack200\" must verify input parameters (6902299)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0837" }, { "category": "external", "summary": "RHBZ#575818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575818" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0837", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0837" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0837", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0837" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK JAR \"unpack200\" must verify input parameters (6902299)" }, { "cve": "CVE-2010-0838", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575808" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0838" }, { "category": "external", "summary": "RHBZ#575808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575808" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0838", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0838" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0838", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0838" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)" }, { "cve": "CVE-2010-0839", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0839" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0839", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0839" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0839", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0839" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0840", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575846" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) \"a similar trust issue with interfaces,\" aka \"Trusted Methods Chaining Remote Code Execution Vulnerability.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0840" }, { "category": "external", "summary": "RHBZ#575846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0840", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-05-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)" }, { "cve": "CVE-2010-0841", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575854" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and \"stepX\".", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0841" }, { "category": "external", "summary": "RHBZ#575854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575854" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0841", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0841" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0841", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0841" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)" }, { "cve": "CVE-2010-0842", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0842" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0842", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0842" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0842", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0842" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0843", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0843" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0843", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0843" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0843", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0843" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0844", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578436" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK multiple unspecified vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0844" }, { "category": "external", "summary": "RHBZ#578436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0844", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0844" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0844", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0844" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK multiple unspecified vulnerabilities" }, { "cve": "CVE-2010-0846", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578430" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an \"invalid assignment\" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in ImageIO component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0846" }, { "category": "external", "summary": "RHBZ#578430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578430" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0846", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0846" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0846", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0846" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in ImageIO component" }, { "cve": "CVE-2010-0847", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575871" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0847" }, { "category": "external", "summary": "RHBZ#575871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575871" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0847", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0847" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0847" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)" }, { "cve": "CVE-2010-0848", "discovery_date": "2010-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "575865" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0848" }, { "category": "external", "summary": "RHBZ#575865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575865" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0848", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0848" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0848" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK AWT Library Invalid Index Vulnerability (6914823)" }, { "cve": "CVE-2010-0849", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578432" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK unspecified vulnerability in Java2D component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0849" }, { "category": "external", "summary": "RHBZ#578432", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578432" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0849", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0849" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0849", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0849" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-14T23:19:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0471" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.src", "4AS-RHNSAT5.3:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4.x86_64", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.i386", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.3:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4.x86_64", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.src", "5Server-Satellite53:java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5.x86_64", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.i386", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.s390x", "5Server-Satellite53:java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK unspecified vulnerability in Java2D component" } ] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.