rhsa-2013_1456
Vulnerability from csaf_redhat
Published: 2013-10-23 16:26
Modified: 2024-12-08 10:38
Summary
Red Hat Security Advisory: Red Hat Network Satellite server IBM Java Runtime security update
Notes
Topic
Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Network Satellite Server 5.5.
The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
This update corrects several security vulnerabilities in the IBM Java
Runtime Environment shipped as part of Red Hat Network Satellite Server
5.5. In a typical operating environment, these are of low security risk as
the runtime is not used on untrusted applets.
Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,
CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,
CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,
CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342,
CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069,
CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,
CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169,
CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,
CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,
CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,
CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,
CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,
CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,
CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540,
CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,
CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417,
CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,
CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,
CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,
CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451,
CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,
CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,
CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)
Users of Red Hat Network Satellite Server 5.5 are advised to upgrade to
these updated packages, which contain the IBM Java SE 6 SR14 release. For
this update to take effect, Red Hat Network Satellite Server must be
restarted ("/usr/sbin/rhn-satellite restart"), as well as all running
instances of IBM Java.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
"5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0551" }, { "category": "external", "summary": "RHBZ#831355", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=831355" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0551", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0551" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0551", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0551" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)" }, { "cve": "CVE-2012-1531", "discovery_date": "2012-10-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "867185" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability (2D)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": 
"Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1531" }, { "category": "external", "summary": "RHBZ#867185", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=867185" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1531", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1531" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1531", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1531" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability (2D)" }, { "cve": "CVE-2012-1532", "discovery_date": "2012-10-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "867186" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1532" }, { "category": 
"external", "summary": "RHBZ#867186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=867186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1532", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1532" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1532", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1532" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", 
"availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability (Deployment)" }, { "cve": "CVE-2012-1533", "discovery_date": "2012-10-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "867187" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], 
"product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1533" }, { "category": "external", "summary": "RHBZ#867187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=867187" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1533", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1533" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1533", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1533" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability (Deployment)" }, { "cve": "CVE-2012-1541", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906914" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", 
"5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1541" }, { "category": "external", "summary": "RHBZ#906914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906914" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1541", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1541" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)" }, { "cve": "CVE-2012-1682", "discovery_date": "2012-08-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "853097" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to \"XMLDecoder security issue via ClassFinder.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1682" }, { "category": "external", "summary": "RHBZ#853097", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853097" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1682", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1682" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1682", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1682" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html", "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html" } ], "release_date": "2012-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)" }, { "cve": "CVE-2012-1713", "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829361" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { 
"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1713" }, { "category": "external", "summary": "RHBZ#829361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829361" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1713", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1713" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1713", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1713" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": 
"PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)" }, { "cve": "CVE-2012-1716", "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829360" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1716" }, { "category": "external", "summary": "RHBZ#829360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829360" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1716", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1716" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1716", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1716" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)" }, { "cve": "CVE-2012-1717", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829358" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insecure temporary file permissions (JRE, 7143606)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1717" }, { "category": "external", "summary": "RHBZ#829358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829358" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1717", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1717" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", 
"authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: insecure temporary file permissions (JRE, 7143606)" }, { "cve": "CVE-2012-1718", "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829372" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": 
"CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1718" }, { "category": "external", "summary": "RHBZ#829372", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829372" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1718", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1718" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" 
] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)" }, { "cve": "CVE-2012-1719", "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829371" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1719" }, { "category": 
"external", "summary": "RHBZ#829371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1719", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1719" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ 
"5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)" }, { "cve": "CVE-2012-1721", "discovery_date": "2012-06-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "831353" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1722.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", 
"5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1721" }, { "category": "external", "summary": "RHBZ#831353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=831353" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1721", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1721" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1721", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1721" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)" }, { "cve": "CVE-2012-1722", "discovery_date": "2012-06-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "831354" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1721.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": 
"Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1722" }, { "category": "external", "summary": "RHBZ#831354", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=831354" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1722", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1722" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1722", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1722" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": 
"PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)" }, { "cve": "CVE-2012-1725", "discovery_date": "2012-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "829376" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient invokespecial \u003cinit\u003e verification (HotSpot, 7160757)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-1725" }, { "category": "external", "summary": "RHBZ#829376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829376" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-1725", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1725" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1725", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1725" } ], "release_date": "2012-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient invokespecial \u003cinit\u003e verification (HotSpot, 7160757)" }, { "cve": "CVE-2012-3143", "discovery_date": "2012-10-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "867189" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability (JMX)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": 
"Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-3143" }, { "category": "external", "summary": "RHBZ#867189", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=867189" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3143", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3143" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3143", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3143" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability (JMX)" }, { "cve": "CVE-2012-3159", "discovery_date": "2012-10-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "867190" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2012-3159" }, { "category": "external", "summary": "RHBZ#867190", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=867190" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3159", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3159" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { 
"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK: unspecified vulnerability (Deployment)" }, { "cve": "CVE-2012-3213", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907223" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this 
vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-3213" }, { "category": "external", "summary": "RHBZ#907223", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907223" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3213", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3213" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3213", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3213" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)" }, { "cve": "CVE-2012-3216", "discovery_date": "2012-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "865346" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2012-3216" }, { "category": "external", "summary": "RHBZ#865346", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865346" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3216", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3216" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3216", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3216" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": 
"AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)" }, { "cve": "CVE-2012-3342", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906917" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-3342" }, { "category": "external", "summary": "RHBZ#906917", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906917" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3342", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3342" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3342", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3342" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)" }, { "cve": "CVE-2012-4820", "discovery_date": "2012-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "876386" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to \"insecure use of the java.lang.reflect.Method invoke() method.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: java.lang.reflect.Method invoke() code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4820" }, { "category": "external", "summary": "RHBZ#876386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=876386" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4820", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4820" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4820", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4820" }, { "category": "external", "summary": "http://xforce.iss.net/xforce/xfdb/78764", "url": "http://xforce.iss.net/xforce/xfdb/78764" } ], "release_date": "2012-11-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK: java.lang.reflect.Method invoke() code execution" }, { "cve": "CVE-2012-4822", "discovery_date": "2012-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "876388" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to \"insecure use [of] multiple methods in the java.lang.class class.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: java.lang.class code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4822" }, { "category": "external", "summary": "RHBZ#876388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=876388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4822", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4822" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4822", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4822" }, { "category": "external", "summary": "http://xforce.iss.net/xforce/xfdb/78766", "url": "http://xforce.iss.net/xforce/xfdb/78766" } ], "release_date": "2012-11-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK: java.lang.class code execution" }, { "cve": "CVE-2012-4823", "discovery_date": "2012-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "876389" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to \"insecure use of the java.lang.ClassLoder defineClass() method.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: java.lang.ClassLoder defineClass() code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4823" }, { "category": "external", "summary": "RHBZ#876389", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=876389" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4823", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4823" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4823", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4823" }, { "category": "external", "summary": "http://xforce.iss.net/xforce/xfdb/78767", "url": "http://xforce.iss.net/xforce/xfdb/78767" } ], "release_date": "2012-11-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK: java.lang.ClassLoder defineClass() code execution" }, { "cve": "CVE-2012-5068", "discovery_date": "2012-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "865348" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2012-5068" }, { "category": "external", "summary": "RHBZ#865348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865348" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5068", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5068" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5068", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5068" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { 
"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)" }, { "cve": "CVE-2012-5069", "discovery_date": "2012-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "865531" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Executors state handling issues (Concurrency, 7189103)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better 
understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5069" }, { "category": "external", "summary": "RHBZ#865531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5069", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5069" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5069", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5069" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: Executors state handling issues (Concurrency, 7189103)" }, { "cve": "CVE-2012-5071", "discovery_date": "2012-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "865519" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2012-5071" }, { "category": "external", "summary": "RHBZ#865519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865519" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5071", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5071" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5071", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5071" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { 
"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)" }, { "cve": "CVE-2012-5072", "discovery_date": "2012-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "865365" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better 
understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5072" }, { "category": "external", "summary": "RHBZ#865365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865365" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5072", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5072" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5072", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5072" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" 
] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)" }, { "cve": "CVE-2012-5073", "discovery_date": "2012-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "865357" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: LogManager security bypass (Libraries, 7169884)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2012-5073" }, { "category": "external", "summary": "RHBZ#865357", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865357" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5073", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5073" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5073", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5073" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { 
"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: LogManager security bypass (Libraries, 7169884)" }, { "cve": "CVE-2012-5075", "discovery_date": "2012-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "865363" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS 
score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5075" }, { "category": "external", "summary": "RHBZ#865363", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865363" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5075", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5075" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5075", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5075" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" 
] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)" }, { "cve": "CVE-2012-5079", "discovery_date": "2012-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "865568" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2012-5079" }, { "category": "external", "summary": "RHBZ#865568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865568" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5079", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5079" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5079", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5079" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { 
"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)" }, { "cve": "CVE-2012-5081", "discovery_date": "2012-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "865370" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: JSSE denial of service (JSSE, 7186286)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the 
severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5081" }, { "category": "external", "summary": "RHBZ#865370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865370" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5081", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5081", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5081" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" 
] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: JSSE denial of service (JSSE, 7186286)" }, { "cve": "CVE-2012-5083", "discovery_date": "2012-10-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "867193" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability (2D)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5083" }, { "category": 
"external", "summary": "RHBZ#867193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=867193" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5083", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5083" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5083", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5083" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", 
"availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability (2D)" }, { "cve": "CVE-2012-5084", "discovery_date": "2012-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "865511" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score 
applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5084" }, { "category": "external", "summary": "RHBZ#865511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5084", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5084" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)" }, { "cve": "CVE-2012-5089", "discovery_date": "2012-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "865514" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": 
"self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5089" }, { "category": "external", "summary": "RHBZ#865514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865514" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5089", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5089" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5089", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5089" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" } ], "release_date": "2012-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)" }, { "cve": "CVE-2013-0169", "discovery_date": "2013-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907589" } ], "notes": [ { "category": "description", "text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: CBC padding timing attack (lucky-13)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0169" }, { "category": "external", "summary": "RHBZ#907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0169", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169" }, { "category": "external", "summary": "http://www.isg.rhul.ac.uk/tls/", "url": "http://www.isg.rhul.ac.uk/tls/" }, { "category": "external", "summary": "http://www.openssl.org/news/secadv_20130205.txt", "url": "http://www.openssl.org/news/secadv_20130205.txt" }, { "category": "external", "summary": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released" } ], "release_date": "2013-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" }, { "category": "workaround", "details": "On OpenShift Container Platform 3.11 it\u0027s possible to edit the list of cipher suites offered by the router when performing \u0027edge\u0027, or \u0027re-encrypt\u0027 TLS modes. Please follow the documentation [1], and [2] to remove the vulnerable CBC ciphers use the modern, or intermediate cipher suites outlined by Mozilla instead [3]. 
In \u0027passthrough\u0027 mode TLS termination occurs in the application so that is another way to mitigate the vulnerability.\n[1] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#obtaining-router-configuration-template\n[2] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#using-configmap-replace-template\n[3] https://wiki.mozilla.org/Security/Server_Side_TLS", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: CBC padding timing attack (lucky-13)" }, { "cve": "CVE-2013-0351", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906923" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0351" }, { "category": "external", "summary": "RHBZ#906923", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906923" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0351", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0351" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0351", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0351" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)" }, { "cve": "CVE-2013-0401", "discovery_date": "2013-03-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "920245" } ], "notes": [ { "category": "description", "text": "The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0401" }, { "category": "external", "summary": "RHBZ#920245", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=920245" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0401", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0401" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0401", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0401" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)" }, { "cve": "CVE-2013-0409", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907226" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": 
"Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0409" }, { "category": "external", "summary": "RHBZ#907226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0409", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0409" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0409", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0409" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)" }, { "cve": "CVE-2013-0419", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906918" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": 
"self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0419" }, { "category": "external", "summary": "RHBZ#906918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906918" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0419", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0419" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0419", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0419" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)" }, { "cve": "CVE-2013-0423", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906921" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { 
"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0423" }, { "category": "external", "summary": "RHBZ#906921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906921" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0423", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0423" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0423", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0423" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)" }, { "cve": "CVE-2013-0424", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906813" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0424" }, { "category": "external", "summary": "RHBZ#906813", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906813" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0424", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0424" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0424", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0424" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)" }, { "cve": "CVE-2013-0425", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907344" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect \"access control checks\" in the logging API that allow remote attackers to bypass Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: logging insufficient access control checks (Libraries, 6664509)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0425" }, { "category": "external", "summary": "RHBZ#907344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0425", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0425" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0425", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0425" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: logging insufficient access control checks (Libraries, 6664509)" }, { "cve": "CVE-2013-0426", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907346" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect \"access control checks\" in the logging API that allow remote attackers to bypass Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: logging insufficient access control checks (Libraries, 6664528)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0426" }, { "category": "external", "summary": "RHBZ#907346", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907346" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0426", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0426" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0426", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0426" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: logging insufficient access control checks (Libraries, 6664528)" }, { "cve": "CVE-2013-0427", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907455" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0427" }, { "category": "external", "summary": "RHBZ#907455", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907455" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0427", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0427" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0427", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0427" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)" }, { "cve": "CVE-2013-0428", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907207" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"incorrect checks for proxy classes\" in the Reflection API.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0428" }, { "category": "external", "summary": "RHBZ#907207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0428", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0428" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0428", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0428" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)" }, { "cve": "CVE-2013-0432", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907219" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient clipboard access premission checks.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0432" }, { "category": "external", "summary": "RHBZ#907219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907219" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0432", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0432" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0432", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0432" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)" }, { "cve": "CVE-2013-0433", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907456" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0433" }, { "category": "external", "summary": "RHBZ#907456", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907456" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0433", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0433" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0433", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0433" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)" }, { "cve": "CVE-2013-0434", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907453" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0434" }, { "category": "external", "summary": "RHBZ#907453", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907453" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0434", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0434" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0434", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0434" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)" }, { "cve": "CVE-2013-0435", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906892" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and \"Better handling of UI elements.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0435" }, { "category": "external", "summary": "RHBZ#906892", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906892" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0435", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0435" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0435", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0435" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)" }, { "cve": "CVE-2013-0438", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906935" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2013-0438" }, { "category": "external", "summary": "RHBZ#906935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906935" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0438", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0438" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0438", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0438" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { 
"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)" }, { "cve": "CVE-2013-0440", "discovery_date": "2012-07-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "859140" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0440" }, { "category": "external", "summary": "RHBZ#859140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=859140" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0440", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0440" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0440", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2013-0440" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", 
"5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)" }, { "cve": "CVE-2013-0441", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907458" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka \"missing serialization restriction.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: missing serialization restriction (CORBA, 7201066)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0441" }, { "category": "external", "summary": "RHBZ#907458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907458" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0441", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0441" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0441", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0441" }, { "category": 
"external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", 
"5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: missing serialization restriction (CORBA, 7201066)" }, { "cve": "CVE-2013-0442", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906899" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to an improper check of \"privileges of the code\" that bypasses the sandbox.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient privilege checking issue (AWT, 7192977)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0442" }, { "category": "external", "summary": "RHBZ#906899", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906899" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0442", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0442" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0442", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0442" }, { "category": "external", "summary": 
"http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", 
"5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient privilege checking issue (AWT, 7192977)" }, { "cve": "CVE-2013-0443", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907340" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a \"small subgroup attack\" to force the use of weak session keys or obtain sensitive information about the private key.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0443" }, { "category": "external", "summary": "RHBZ#907340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0443", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0443" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0443", 
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0443" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", 
"5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)" }, { "cve": "CVE-2013-0445", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906900" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to an improper check of \"privileges of the code\" that bypasses the sandbox.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient privilege checking issue (AWT, 8001057)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0445" }, { "category": "external", "summary": "RHBZ#906900", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906900" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0445", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0445" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0445", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0445" }, { "category": "external", "summary": 
"http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", 
"5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient privilege checking issue (AWT, 8001057)" }, { "cve": "CVE-2013-0446", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906916" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", 
"5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0446" }, { "category": "external", "summary": "RHBZ#906916", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906916" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0446", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0446" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0446", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0446" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)" }, { "cve": "CVE-2013-0450", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906911" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of \"access control context\" in the JMX RequiredModelMBean class.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0450" }, { "category": "external", "summary": "RHBZ#906911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906911" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0450", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0450" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)" }, { "cve": "CVE-2013-0809", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2013-03-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "917550" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0809" }, { "category": "external", "summary": "RHBZ#917550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917550" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0809", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0809" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0809", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0809" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html", "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html" } ], "release_date": "2013-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)" }, { "cve": "CVE-2013-1473", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906933" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1473" }, { 
"category": "external", "summary": "RHBZ#906933", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906933" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1473", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1473" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1473", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1473" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", 
"authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)" }, { "cve": "CVE-2013-1476", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907457" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via \"certain value handler constructors.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1476" }, { "category": "external", "summary": "RHBZ#907457", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907457" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1476", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1476" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1476", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1476" }, { "category": "external", "summary": 
"http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", 
"5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)" }, { "cve": "CVE-2013-1478", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906894" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to \"insufficient validation of raster parameters\" that can trigger an integer overflow and memory corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1478" }, { "category": "external", "summary": "RHBZ#906894", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906894" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1478", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1478" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1478", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1478" }, { "category": "external", "summary": 
"http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", 
"5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)" }, { "cve": "CVE-2013-1480", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "906904" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to \"insufficient validation of raster parameters\" in awt_parseImage.c, which triggers memory corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1480" }, { "category": "external", "summary": "RHBZ#906904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1480", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1480" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1480", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1480" }, { "category": "external", "summary": 
"http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", 
"5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)" }, { "cve": "CVE-2013-1481", "discovery_date": "2013-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907224" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u39 (Sound)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1481" }, { "category": "external", "summary": "RHBZ#907224", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907224" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1481", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1481" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1481", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1481" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" } ], "release_date": "2013-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 6u39 (Sound)" }, { "cve": "CVE-2013-1486", "discovery_date": "2013-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "913014" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2013-1486" }, { "category": "external", "summary": "RHBZ#913014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913014" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1486", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1486" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1486", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1486" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html" } ], "release_date": "2013-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { 
"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)" }, { "cve": "CVE-2013-1487", "discovery_date": "2013-02-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "913030" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the 
severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1487" }, { "category": "external", "summary": "RHBZ#913030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913030" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1487", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1487" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1487", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1487" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html" } ], "release_date": "2013-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)" }, { "cve": "CVE-2013-1491", "discovery_date": "2013-03-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "920248" } ], "notes": [ { "category": "description", "text": "The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified sanbox bypass (CanSecWest 2013, 2D)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", 
"summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1491" }, { "category": "external", "summary": "RHBZ#920248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=920248" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1491", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1491" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1491", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1491" } ], "release_date": "2013-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", 
"integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified sanbox bypass (CanSecWest 2013, 2D)" }, { "cve": "CVE-2013-1493", "discovery_date": "2013-03-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "917553" } ], "notes": [ { "category": "description", "text": "The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: CMM malformed raster memory corruption (2D, 8007675)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": 
"CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1493" }, { "category": "external", "summary": "RHBZ#917553", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917553" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1493", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1493" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1493", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1493" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html", "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html" } ], "release_date": "2013-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: CMM malformed raster memory corruption (2D, 8007675)" }, { "acknowledgments": [ { "names": [ "Tim Brown" ] } ], "cve": "CVE-2013-1500", "discovery_date": "2013-01-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975148" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Insecure shared memory permissions (2D, 8001034)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1500" }, { "category": "external", "summary": "RHBZ#975148", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975148" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1500", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1500" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1500", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1500" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: Insecure shared memory permissions (2D, 8001034)" }, { "cve": "CVE-2013-1537", "discovery_date": "2013-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "952387" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform \"dynamic class downloading\" and execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: remote code loading enabled by default (RMI, 8001040)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1537" }, { "category": "external", "summary": "RHBZ#952387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952387" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1537", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1537" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1537", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1537" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: remote code loading enabled by default (RMI, 8001040)" }, { "cve": "CVE-2013-1540", "discovery_date": "2013-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "953166" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2013-1540" }, { "category": "external", "summary": "RHBZ#953166", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953166" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1540", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1540" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1540", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1540" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { 
"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)" }, { "cve": "CVE-2013-1557", "discovery_date": "2013-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "952648" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to \"missing security restrictions\" in the LogStream.setDefaultStream method.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1557" }, { "category": "external", "summary": "RHBZ#952648", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952648" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1557", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1557" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1557", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1557" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ 
{ "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)" }, { "cve": "CVE-2013-1563", "discovery_date": "2013-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "953172" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1563" }, { "category": "external", "summary": "RHBZ#953172", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953172" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1563", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1563" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1563", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1563" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install)" }, { "cve": "CVE-2013-1569", "discovery_date": "2013-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "952711" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"checking of [a] glyph table\" in the International Components for Unicode (ICU) Layout Engine before 51.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1569" }, { "category": "external", "summary": "RHBZ#952711", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952711" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1569", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1569" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1569", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1569" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994)" }, { "acknowledgments": [ { "names": [ "US-CERT" ] } ], "cve": "CVE-2013-1571", "discovery_date": "2013-06-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "973474" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1571" }, { "category": "external", "summary": "RHBZ#973474", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973474" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1571", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1571" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1571", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1571" }, { "category": "external", "summary": "http://www.kb.cert.org/vuls/id/225657", "url": "http://www.kb.cert.org/vuls/id/225657" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)" }, { "cve": "CVE-2013-2383", "discovery_date": "2013-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "952708" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"handling of [a] glyph table\" in the International Components for Unicode (ICU) Layout Engine before 51.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2383" }, { "category": "external", "summary": "RHBZ#952708", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952708" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2383", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2383" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2383", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2383" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986)" }, { "cve": "CVE-2013-2384", "discovery_date": "2013-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "952709" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"font layout\" in the International Components for Unicode (ICU) Layout Engine before 51.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2384" }, { "category": "external", "summary": "RHBZ#952709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2384", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2384" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2384", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2384" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987)" }, { "cve": "CVE-2013-2394", "discovery_date": "2013-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "953265" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2394" }, { "category": "external", "summary": "RHBZ#953265", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953265" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2394", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2394" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2394", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2394" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)" }, { "cve": "CVE-2013-2407", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975127" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"XML security and the class loader.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2407" }, { "category": "external", "summary": "RHBZ#975127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975127" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2407", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2407" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)" }, { "cve": "CVE-2013-2412", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975144" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: JConsole SSL support (Serviceability, 8003703)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2412" }, { "category": "external", "summary": "RHBZ#975144", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975144" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2412", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2412" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2412", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2412" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: JConsole SSL support (Serviceability, 8003703)" }, { "cve": "CVE-2013-2417", "discovery_date": "2013-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "952657" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2417" }, { "category": "external", "summary": "RHBZ#952657", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952657" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2417", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2417" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2417", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2417" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)" }, { "cve": "CVE-2013-2418", "discovery_date": "2013-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "953267" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2013-2418" }, { "category": "external", "summary": "RHBZ#953267", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953267" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2418", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2418" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2418", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2418" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { 
"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)" }, { "cve": "CVE-2013-2419", "discovery_date": "2013-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "952656" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to \"font processing errors\" in the International Components for Unicode (ICU) Layout Engine before 51.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "ICU: Layout Engine font processing errors (JDK 2D, 8001031)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2419" }, { "category": "external", "summary": "RHBZ#952656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952656" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2419", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2419" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2419", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2419" } ], "release_date": "2013-04-16T00:00:00+00:00", 
"remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ICU: Layout Engine font processing errors (JDK 2D, 8001031)" }, { "cve": "CVE-2013-2420", "discovery_date": "2013-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "952638" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient \"validation of images\" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: image processing vulnerability (2D, 8007617)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", 
"5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2420" }, { "category": "external", "summary": "RHBZ#952638", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952638" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2420", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2420" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2420", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2420" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: image processing vulnerability (2D, 8007617)" }, { "cve": "CVE-2013-2422", "discovery_date": "2013-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "952642" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2422" }, { "category": "external", "summary": "RHBZ#952642", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952642" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2422", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2422" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)" }, { "cve": "CVE-2013-2424", "discovery_date": "2013-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "952509" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient class access checks\" when \"creating new instances\" using MBeanInstantiator.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2424" }, { "category": "external", "summary": "RHBZ#952509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952509" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2424", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2424" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2424", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2424" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435)" }, { "cve": "CVE-2013-2429", "discovery_date": "2013-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "952521" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"JPEGImageWriter state corruption\" when using native code, which triggers memory corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2429" }, { "category": "external", "summary": "RHBZ#952521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952521" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2429", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2429" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2429", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2429" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)" }, { "cve": "CVE-2013-2430", "discovery_date": "2013-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "952524" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"JPEGImageReader state corruption\" when using native code.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2430" }, { "category": "external", "summary": "RHBZ#952524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952524" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2430", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2430" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2430", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2430" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667)" }, { "cve": "CVE-2013-2432", "discovery_date": "2013-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "953269" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] 
}, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2432" }, { "category": "external", "summary": "RHBZ#953269", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953269" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2432", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2432" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2432", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2432" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)" }, { "cve": "CVE-2013-2433", "discovery_date": "2013-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "953270" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2013-2433" }, { "category": "external", "summary": "RHBZ#953270", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953270" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2433", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2433" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2433", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2433" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { 
"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)" }, { "cve": "CVE-2013-2435", "discovery_date": "2013-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "953273" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2440.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for 
informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2435" }, { "category": "external", "summary": "RHBZ#953273", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953273" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2435", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2435" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2435", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2435" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)" }, { "cve": "CVE-2013-2437", "discovery_date": "2013-06-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975773" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u25 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2437" }, 
{ "category": "external", "summary": "RHBZ#975773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975773" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2437", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2437" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 7u25 (Deployment)" }, { "cve": "CVE-2013-2440", "discovery_date": "2013-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "953275" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this 
vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2440" }, { "category": "external", "summary": "RHBZ#953275", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953275" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2440", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2440" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2440", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2440" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" } ], "release_date": "2013-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)" }, { "cve": "CVE-2013-2442", "discovery_date": "2013-06-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975770" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u25 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", 
"summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2442" }, { "category": "external", "summary": "RHBZ#975770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2442", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2442" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2442", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2442" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK: unspecified vulnerability fixed in 7u25 (Deployment)" }, { "cve": "CVE-2013-2443", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975137" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect \"checking order\" within the AccessControlContext class.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: AccessControlContext check order issue (Libraries, 8001330)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2443" }, { "category": "external", "summary": "RHBZ#975137", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975137" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2443", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2443" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2443", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2443" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: AccessControlContext check order issue (Libraries, 8001330)" }, { "cve": "CVE-2013-2444", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975131" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not \"properly manage and restrict certain resources related to the processing of fonts,\" possibly involving temporary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Resource denial of service (AWT, 8001038)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2444" }, { "category": "external", "summary": "RHBZ#975131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975131" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2444", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2444" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2444", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2444" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Resource denial of service (AWT, 8001038)" }, { "cve": "CVE-2013-2446", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975132" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: output stream access restrictions (CORBA, 8000642)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2446" }, { "category": "external", "summary": "RHBZ#975132", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975132" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2446", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2446" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2446", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2446" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: output stream access restrictions (CORBA, 8000642)" }, { "cve": "CVE-2013-2447", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975140" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket\u0027s local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Prevent revealing the local address (Networking, 8001318)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2447" }, { "category": "external", "summary": "RHBZ#975140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975140" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2447", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2447" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2447", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2447" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Prevent revealing the local address (Networking, 8001318)" }, { "cve": "CVE-2013-2448", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975125" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient \"access restrictions\" and \"robustness of sound classes.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Better access restrictions (Sound, 8006328)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2448" }, { "category": "external", "summary": "RHBZ#975125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2448", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2448" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2448", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2448" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Better access restrictions (Sound, 8006328)" }, { "cve": "CVE-2013-2450", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975141" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2450" }, { "category": "external", "summary": "RHBZ#975141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975141" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2450", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2450" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)" }, { "cve": "CVE-2013-2451", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975146" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: exclusive port binding (Networking, 7170730)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2451" }, { "category": "external", "summary": "RHBZ#975146", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975146" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2451", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2451" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2451", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2451" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: exclusive port binding (Networking, 7170730)" }, { "cve": "CVE-2013-2452", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975138" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"network address handling in virtual machine identifiers\" and the lack of \"unique and unpredictable IDs\" in the java.rmi.dgc.VMID class.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Unique VMIDs (Libraries, 8001033)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2452" }, { "category": "external", "summary": "RHBZ#975138", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975138" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2452", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2452" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2452", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2452" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Unique VMIDs (Libraries, 8001033)" }, { "cve": "CVE-2013-2453", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975134" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for \"package access\" by the MBeanServer Introspector.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: MBeanServer Introspector package access (JMX, 8008124)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2453" }, { "category": "external", "summary": "RHBZ#975134", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975134" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2453", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2453" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2453", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2453" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: MBeanServer Introspector package access (JMX, 8008124)" }, { "cve": "CVE-2013-2454", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975129" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2454" }, { "category": "external", "summary": "RHBZ#975129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975129" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2454", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2454" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2454", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2454" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)" }, { "cve": "CVE-2013-2455", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975139" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: getEnclosing* checks (Libraries, 8007812)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2455" }, { "category": "external", "summary": "RHBZ#975139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975139" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2455", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2455" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2455", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2455" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: getEnclosing* checks (Libraries, 8007812)" }, { "cve": "CVE-2013-2456", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975142" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2456" }, { "category": "external", "summary": "RHBZ#975142", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975142" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2456", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2456" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2456", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2456" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)" }, { "cve": "CVE-2013-2457", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975133" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of \"certain class checks\" that allows remote attackers to bypass intended class restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Proper class checking (JMX, 8008120)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2457" }, { "category": "external", "summary": "RHBZ#975133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2457", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2457" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2457", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2457" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Proper class checking (JMX, 8008120)" }, { "cve": "CVE-2013-2459", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975121" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"integer overflow checks.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Various AWT integer overflow checks (AWT, 8009071)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2459" }, { "category": "external", "summary": "RHBZ#975121", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975121" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2459", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2459" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2459", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2459" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Various AWT integer overflow checks (AWT, 8009071)" }, { "cve": "CVE-2013-2463", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975115" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect image attribute verification\" in 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect image attribute verification (2D, 8012438)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2463" }, { "category": "external", "summary": "RHBZ#975115", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975115" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2463", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2463" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2463", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2463" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Incorrect image attribute verification (2D, 8012438)" }, { "cve": "CVE-2013-2464", "discovery_date": "2013-06-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975757" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u25 (2D)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2464" }, { "category": "external", "summary": "RHBZ#975757", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975757" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2464", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2464" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 7u25 (2D)" }, { "cve": "CVE-2013-2465", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975118" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect image channel verification\" in 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect image channel verification (2D, 8012597)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2465" }, { "category": "external", "summary": "RHBZ#975118", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975118" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2465", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2465" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-28T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Incorrect image channel verification (2D, 8012597)" }, { "cve": "CVE-2013-2466", "discovery_date": "2013-06-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975764" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2468.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u25 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2466" }, { "category": "external", "summary": "RHBZ#975764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975764" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2466", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2466" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2466", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2466" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 7u25 (Deployment)" }, { "cve": "CVE-2013-2468", "discovery_date": "2013-06-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975761" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u25 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", 
"summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2468" }, { "category": "external", "summary": "RHBZ#975761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975761" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2468", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2468" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2468", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2468" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 7u25 (Deployment)" }, { "cve": "CVE-2013-2469", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975120" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect image layout verification\" in 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect image layout verification (2D, 8012601)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2469" }, { "category": "external", "summary": "RHBZ#975120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975120" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2469", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2469" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2469", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2469" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Incorrect image layout verification (2D, 8012601)" }, { "cve": "CVE-2013-2470", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975099" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"ImagingLib byte lookup processing.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: ImagingLib byte lookup processing (2D, 8011243)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2470" }, { "category": "external", "summary": "RHBZ#975099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975099" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2470", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2470" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2470", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2470" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: ImagingLib byte lookup processing (2D, 8011243)" }, { "cve": "CVE-2013-2471", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975102" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect IntegerComponentRaster size checks.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2471" }, { "category": "external", "summary": "RHBZ#975102", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975102" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2471", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2471" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)" }, { "cve": "CVE-2013-2472", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975107" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect ShortBandedRaster size checks\" in 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2472" }, { "category": "external", "summary": "RHBZ#975107", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975107" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2472", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2472" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2472", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2472" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)" }, { "cve": "CVE-2013-2473", "discovery_date": "2013-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975110" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect ByteBandedRaster size checks\" in 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", 
"6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2473" }, { "category": "external", "summary": "RHBZ#975110", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975110" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2473", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2473" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2473", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2473" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", 
"6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)" }, { "cve": "CVE-2013-3743", "discovery_date": "2013-06-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "975767" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2013-3743" }, { "category": "external", "summary": "RHBZ#975767", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975767" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-3743", "url": "https://www.cve.org/CVERecord?id=CVE-2013-3743" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-3743", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3743" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" } ], "release_date": "2013-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-10-23T16:26:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1456" } ], "scores": [ { "cvss_v2": { 
"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.src", "5Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x", "5Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.src", "6Server-Satellite55:java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x", "6Server-Satellite55:java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT)" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.