rhsa-2013_0246
Vulnerability from csaf_redhat
Published
2013-02-08 19:06
Modified
2024-09-13 08:01
Summary
Red Hat Security Advisory: java-1.6.0-openjdk security update
Notes
Topic
Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.
Multiple improper permission check issues were discovered in the AWT,
CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,
CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,
CVE-2013-0428)
Multiple flaws were found in the way image parsers in the 2D and AWT
components handled image raster parameters. A specially-crafted image could
cause Java Virtual Machine memory corruption and, possibly, lead to
arbitrary code execution with the virtual machine privileges.
(CVE-2013-1478, CVE-2013-1480)
A flaw was found in the AWT component's clipboard handling code. An
untrusted Java application or applet could use this flaw to access
clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)
The default Java security properties configuration did not restrict access
to certain com.sun.xml.internal packages. An untrusted Java application or
applet could use this flaw to access information, bypassing certain Java
sandbox restrictions. This update lists the whole package as restricted.
(CVE-2013-0435)
Multiple improper permission check issues were discovered in the Libraries,
Networking, and JAXP components. An untrusted Java application or applet
could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)
It was discovered that the RMI component's CGIHandler class used user
inputs in error messages without any sanitization. An attacker could use
this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)
It was discovered that the SSL/TLS implementation in the JSSE component
did not properly enforce handshake message ordering, allowing an unlimited
number of handshake restarts. A remote attacker could use this flaw to
make an SSL/TLS server using JSSE consume an excessive amount of CPU by
continuously restarting the handshake. (CVE-2013-0440)
It was discovered that the JSSE component did not properly validate
Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw
to perform a small subgroup attack. (CVE-2013-0443)
This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to
the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component\u0027s clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries,\nNetworking, and JAXP components. An untrusted Java application or applet\ncould use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component\u0027s CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0246",
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS",
"url": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS"
},
{
"category": "external",
"summary": "859140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=859140"
},
{
"category": "external",
"summary": "860652",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860652"
},
{
"category": "external",
"summary": "906813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906813"
},
{
"category": "external",
"summary": "906892",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906892"
},
{
"category": "external",
"summary": "906894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906894"
},
{
"category": "external",
"summary": "906899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906899"
},
{
"category": "external",
"summary": "906900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906900"
},
{
"category": "external",
"summary": "906904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906904"
},
{
"category": "external",
"summary": "906911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906911"
},
{
"category": "external",
"summary": "907207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907207"
},
{
"category": "external",
"summary": "907219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907219"
},
{
"category": "external",
"summary": "907340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907340"
},
{
"category": "external",
"summary": "907344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907344"
},
{
"category": "external",
"summary": "907346",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907346"
},
{
"category": "external",
"summary": "907453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907453"
},
{
"category": "external",
"summary": "907455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907455"
},
{
"category": "external",
"summary": "907456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907456"
},
{
"category": "external",
"summary": "907457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907457"
},
{
"category": "external",
"summary": "907458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907458"
},
{
"category": "external",
"summary": "907460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907460"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2013/rhsa-2013_0246.json"
}
],
"title": "Red Hat Security Advisory: java-1.6.0-openjdk security update",
"tracking": {
"current_release_date": "2024-09-13T08:01:19+00:00",
"generator": {
"date": "2024-09-13T08:01:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2013:0246",
"initial_release_date": "2013-02-08T19:06:00+00:00",
"revision_history": [
{
"date": "2013-02-08T19:06:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-02-08T19:12:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T08:01:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.33.1.11.6.el5_9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.33.1.11.6.el5_9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.33.1.11.6.el5_9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.33.1.11.6.el5_9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.33.1.11.6.el5_9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.33.1.11.6.el5_9?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.33.1.11.6.el5_9?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.33.1.11.6.el5_9?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.33.1.11.6.el5_9?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.33.1.11.6.el5_9?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.33.1.11.6.el5_9?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.33.1.11.6.el5_9?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.33.1.11.6.el5_9?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0424",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "906813"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0424"
},
{
"category": "external",
"summary": "RHBZ#906813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906813"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0424",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0424"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0424",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0424"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)"
},
{
"cve": "CVE-2013-0425",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907344"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect \"access control checks\" in the logging API that allow remote attackers to bypass Java sandbox restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: logging insufficient access control checks (Libraries, 6664509)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0425"
},
{
"category": "external",
"summary": "RHBZ#907344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0425",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0425"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: logging insufficient access control checks (Libraries, 6664509)"
},
{
"cve": "CVE-2013-0426",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907346"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect \"access control checks\" in the logging API that allow remote attackers to bypass Java sandbox restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: logging insufficient access control checks (Libraries, 6664528)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0426"
},
{
"category": "external",
"summary": "RHBZ#907346",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907346"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0426"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0426",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0426"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: logging insufficient access control checks (Libraries, 6664528)"
},
{
"cve": "CVE-2013-0427",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907455"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0427"
},
{
"category": "external",
"summary": "RHBZ#907455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0427"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0427",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0427"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)"
},
{
"cve": "CVE-2013-0428",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907207"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"incorrect checks for proxy classes\" in the Reflection API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0428"
},
{
"category": "external",
"summary": "RHBZ#907207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0428",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0428"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)"
},
{
"cve": "CVE-2013-0429",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907460"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0429"
},
{
"category": "external",
"summary": "RHBZ#907460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0429",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0429"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)"
},
{
"cve": "CVE-2013-0432",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907219"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient clipboard access premission checks.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0432"
},
{
"category": "external",
"summary": "RHBZ#907219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0432",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0432"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)"
},
{
"cve": "CVE-2013-0433",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907456"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0433"
},
{
"category": "external",
"summary": "RHBZ#907456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0433"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0433",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0433"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)"
},
{
"cve": "CVE-2013-0434",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907453"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0434"
},
{
"category": "external",
"summary": "RHBZ#907453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907453"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0434"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0434"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)"
},
{
"cve": "CVE-2013-0435",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "906892"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and \"Better handling of UI elements.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0435"
},
{
"category": "external",
"summary": "RHBZ#906892",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906892"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0435"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0435",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0435"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)"
},
{
"cve": "CVE-2013-0440",
"discovery_date": "2012-07-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "859140"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0440"
},
{
"category": "external",
"summary": "RHBZ#859140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=859140"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0440",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0440"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0440",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0440"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)"
},
{
"cve": "CVE-2013-0441",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907458"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka \"missing serialization restriction.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: missing serialization restriction (CORBA, 7201066)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0441"
},
{
"category": "external",
"summary": "RHBZ#907458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0441",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0441"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: missing serialization restriction (CORBA, 7201066)"
},
{
"cve": "CVE-2013-0442",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "906899"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of \"privileges of the code\" that bypasses the sandbox.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient privilege checking issue (AWT, 7192977)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0442"
},
{
"category": "external",
"summary": "RHBZ#906899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0442",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0442"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0442",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0442"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: insufficient privilege checking issue (AWT, 7192977)"
},
{
"cve": "CVE-2013-0443",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907340"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a \"small subgroup attack\" to force the use of weak session keys or obtain sensitive information about the private key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0443"
},
{
"category": "external",
"summary": "RHBZ#907340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0443"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0443",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0443"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)"
},
{
"cve": "CVE-2013-0445",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "906900"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of \"privileges of the code\" that bypasses the sandbox.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient privilege checking issue (AWT, 8001057)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0445"
},
{
"category": "external",
"summary": "RHBZ#906900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0445",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0445"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0445",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0445"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: insufficient privilege checking issue (AWT, 8001057)"
},
{
"cve": "CVE-2013-0450",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "906911"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of \"access control context\" in the JMX RequiredModelMBean class.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0450"
},
{
"category": "external",
"summary": "RHBZ#906911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906911"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0450"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0450"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)"
},
{
"cve": "CVE-2013-1475",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "860652"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"IIOP type reuse management\" in ObjectStreamClass.java.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1475"
},
{
"category": "external",
"summary": "RHBZ#860652",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860652"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1475",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1475"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1475",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1475"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)"
},
{
"cve": "CVE-2013-1476",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907457"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via \"certain value handler constructors.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1476"
},
{
"category": "external",
"summary": "RHBZ#907457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1476",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1476"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1476",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1476"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)"
},
{
"cve": "CVE-2013-1478",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "906894"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient validation of raster parameters\" that can trigger an integer overflow and memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1478"
},
{
"category": "external",
"summary": "RHBZ#906894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906894"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1478",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1478"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1478",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1478"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)"
},
{
"cve": "CVE-2013-1480",
"discovery_date": "2013-02-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "906904"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient validation of raster parameters\" in awt_parseImage.c, which triggers memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1480"
},
{
"category": "external",
"summary": "RHBZ#906904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=906904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1480",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1480"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1480",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1480"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
}
],
"release_date": "2013-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0246"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.src",
"5Server-5.9.Z:java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.i386",
"5Server-5.9.Z:java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)"
}
]
}
Loading...