rhsa-2010_0768
Vulnerability from csaf_redhat
Published
2010-10-13 16:22
Modified
2024-11-14 10:50
Summary
Red Hat Security Advisory: java-1.6.0-openjdk security and bug fix update
Notes
Topic
Updated java-1.6.0-openjdk packages that fix several security issues and
two bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

defaultReadObject of the Serialization API could be tricked into setting a
volatile field multiple times, which could allow a remote attacker to
execute arbitrary code with the privileges of the user running the applet
or application. (CVE-2010-3569)

Race condition in the way objects were deserialized could allow an
untrusted applet or application to misuse the privileges of the user
running the applet or application. (CVE-2010-3568)

Miscalculation in the OpenType font rendering implementation caused
out-of-bounds memory access, which could allow remote attackers to execute
code with the privileges of the user running the java process.
(CVE-2010-3567)

JPEGImageWriter.writeImage in the imageio API improperly checked certain
image metadata, which could allow a remote attacker to execute arbitrary
code in the context of the user running the applet or application.
(CVE-2010-3565)

Double free in IndexColorModel could cause an untrusted applet or
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the applet or application. (CVE-2010-3562)

The privileged accept method of the ServerSocket class in the Common Object
Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to
receive connections from any host, instead of just the host of the current
connection. An attacker could use this flaw to bypass restrictions defined
by network permissions. (CVE-2010-3561)

Flaws in the Swing library could allow an untrusted application to modify
the behavior and state of certain JDK classes. (CVE-2010-3557)

Flaws in the CORBA implementation could allow an attacker to execute
arbitrary code by misusing permissions granted to certain system objects.
(CVE-2010-3554)

UIDefaults.ProxyLazyValue had unsafe reflection usage, allowing untrusted
callers to create objects via ProxyLazyValue values. (CVE-2010-3553)

HttpURLConnection improperly handled the "chunked" transfer encoding
method, which could allow remote attackers to conduct HTTP response
splitting attacks. (CVE-2010-3549)

HttpURLConnection improperly checked whether the calling code was granted
the "allowHttpTrace" permission, allowing untrusted code to create HTTP
TRACE requests. (CVE-2010-3574)

HttpURLConnection did not validate request headers set by applets, which
could allow remote attackers to trigger actions otherwise restricted to
HTTP clients. (CVE-2010-3541, CVE-2010-3573)

The Kerberos implementation improperly checked the sanity of AP-REQ
requests, which could cause a denial of service condition in the receiving
Java Virtual Machine. (CVE-2010-3564)

The RHSA-2010:0339 update mitigated a man-in-the-middle attack in the way
the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols
handle session renegotiation by disabling renegotiation. This update
implements the TLS Renegotiation Indication Extension as defined in RFC
5746, allowing secure renegotiation between updated clients and servers.
(CVE-2009-3555)

The NetworkInterface class improperly checked the network "connect"
permissions for local network addresses, which could allow remote attackers
to read local network addresses. (CVE-2010-3551)

Information leak flaw in the Java Naming and Directory Interface (JNDI)
could allow a remote attacker to access information about
otherwise-protected internal network names. (CVE-2010-3548)

Note: Flaws concerning applets in this advisory (CVE-2010-3568,
CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548,
CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in
OpenJDK by calling the "appletviewer" application.

Bug fixes:

* This update provides one defense in depth patch. (BZ#639922)

* Problems for certain SSL connections. In a reported case, this prevented
the JBoss JAAS modules from connecting over SSL to Microsoft Active
Directory servers. (BZ#618290)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "TLS: MITM attacks via session renegotiation" }, { "cve": "CVE-2010-3541", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642202" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", 
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3541" }, { "category": "external", "summary": "RHBZ#642202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3541", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3541" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", 
"authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK HttpURLConnection allows 
arbitrary request headers (6961084,6980004)" }, { "cve": "CVE-2010-3548", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639909" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or \"otherwise-protected internal network names.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK DNS server IP address information leak (6957564)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", 
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3548" }, { "category": "external", "summary": "RHBZ#639909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3548", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3548" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK DNS server IP address 
information leak (6957564)" }, { "cve": "CVE-2010-3549", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642180" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK HttpURLConnection request splitting (6952017)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3549" }, { "category": "external", "summary": "RHBZ#642180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642180" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3549", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3549" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3549", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3549" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", 
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", 
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK HttpURLConnection request splitting (6952017)" }, { "cve": "CVE-2010-3551", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642187" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK local network address disclosure (6952603)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", 
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3551" }, { "category": "external", "summary": "RHBZ#642187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642187" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3551", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3551" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3551", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3551" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK local network address disclosure 
(6952603)" }, { "cve": "CVE-2010-3553", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642167" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Swing unsafe reflection usage (6622002)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3553" }, { "category": "external", "summary": "RHBZ#642167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642167" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3553", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3553" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3553", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3553" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Swing unsafe reflection 
usage (6622002)" }, { "cve": "CVE-2010-3554", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639880" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to \"permissions granted to certain system objects.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK corba reflection vulnerabilities (6891766,6925672)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3554" }, { "category": "external", "summary": "RHBZ#639880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639880" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3554", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3554" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3554", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3554" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK corba reflection 
vulnerabilities (6891766,6925672)" }, { "cve": "CVE-2010-3557", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639904" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of \"behavior and state of certain JDK classes\" and \"mutable static.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Swing mutable static (6938813)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", 
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3557" }, { "category": "external", "summary": "RHBZ#639904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3557", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3557" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3557", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3557" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", 
"authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Swing mutable static 
(6938813)" }, { "cve": "CVE-2010-3561", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639880" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK corba reflection vulnerabilities (6891766,6925672)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3561" }, { "category": "external", "summary": "RHBZ#639880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639880" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3561", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3561" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3561", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3561" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", 
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", 
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK corba reflection vulnerabilities (6891766,6925672)" }, { "cve": "CVE-2010-3562", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639897" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK IndexColorModel double-free (6925710)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3562" }, { "category": "external", "summary": "RHBZ#639897", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639897" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3562", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3562" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3562", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3562" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve 
these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK IndexColorModel double-free (6925710)" }, { "cve": "CVE-2010-3564", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639914" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM. 
NOTE: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK kerberos vulnerability (6958060)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3564" }, { "category": "external", "summary": "RHBZ#639914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639914" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3564", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3564" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3564", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3564" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK kerberos vulnerability 
(6958060)" }, { "cve": "CVE-2010-3565", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639920" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JPEG writeImage remote code execution (6963023)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", 
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3565" }, { "category": "external", "summary": "RHBZ#639920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639920" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3565", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3565" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3565", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3565" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK JPEG writeImage remote 
code execution (6963023)" }, { "cve": "CVE-2010-3567", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642197" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK ICU Opentype layout engine crash (6963285)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3567" }, { "category": "external", "summary": "RHBZ#642197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3567", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3567" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3567", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3567" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", 
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", 
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK ICU Opentype layout engine crash (6963285)" }, { "cve": "CVE-2010-3568", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639876" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Deserialization Race condition (6559775)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", 
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3568" }, { "category": "external", "summary": "RHBZ#639876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639876" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3568", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3568" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3568", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3568" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", 
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", 
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Deserialization Race condition (6559775)" }, { "cve": "CVE-2010-3569", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "639925" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Serialization inconsistencies (6966692)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3569" }, { "category": "external", "summary": "RHBZ#639925", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639925" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3569", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3569" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3569", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3569" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve 
these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Serialization inconsistencies (6966692)" }, { "cve": "CVE-2010-3573", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642202" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3573" }, { "category": "external", "summary": "RHBZ#642202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3573", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3573" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3573", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3573" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)" }, { "cve": "CVE-2010-3574", "discovery_date": "2010-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "642215" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", 
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3574" }, { "category": "external", "summary": "RHBZ#642215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642215" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3574", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3574" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3574", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3574" } ], "release_date": "2010-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-10-13T16:22:00+00:00", "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0768" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", 
"authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src", "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386", "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK HttpURLConnection 
incomplete TRACE permission check (6981426)" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.