rhsa-2015_0263
Vulnerability from csaf_redhat
Published
2015-02-24 13:20
Modified
2024-11-05 18:46
Summary
Red Hat Security Advisory: Red Hat Satellite IBM Java Runtime security update
Notes
Topic
Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Satellite 5.7.
Red Hat Product Security has rated this update as having Low security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
This update corrects several security vulnerabilities in the IBM Java
Runtime Environment shipped as part of Red Hat Satellite 5.7. In a typical
operating environment, these are of low security risk as the runtime is not
used on untrusted applets.
Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891,
CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407,
CVE-2015-0408, CVE-2015-0410, CVE-2015-0412)
Users of Red Hat Satellite 5.7 are advised to upgrade to these updated
packages, which contain the IBM Java SE 6 SR16-FP3 release. For this
update to take effect, Red Hat Satellite must be restarted
("/usr/sbin/rhn-satellite restart"), as well as all running instances of
IBM Java.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.6.0-ibm packages that fix several security issues are now\navailable for Red Hat Satellite 5.7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Satellite 5.7. In a typical\noperating environment, these are of low security risk as the runtime is not\nused on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891,\nCVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407,\nCVE-2015-0408, CVE-2015-0410, CVE-2015-0412)\n\nUsers of Red Hat Satellite 5.7 are advised to upgrade to these updated\npackages, which contain the IBM Java SE 6 SR16-FP3 release. For this\nupdate to take effect, Red Hat Satellite must be restarted\n(\"/usr/sbin/rhn-satellite restart\"), as well as all running instances of\nIBM Java.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2015:0263", "url": "https://access.redhat.com/errata/RHSA-2015:0263" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://www.ibm.com/developerworks/java/jdk/alerts/", "url": "https://www.ibm.com/developerworks/java/jdk/alerts/" }, { "category": "external", "summary": "1183021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183021" }, { "category": "external", "summary": "1183023", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183023" }, { "category": "external", "summary": "1183031", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183031" }, { "category": "external", "summary": "1183043", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183043" }, { "category": "external", "summary": "1183044", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183044" }, { "category": "external", "summary": "1183049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183049" }, { "category": "external", "summary": "1183645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183645" }, { "category": "external", "summary": "1183646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183646" }, { "category": "external", "summary": "1183715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183715" }, { "category": "external", "summary": "1184275", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184275" }, 
{ "category": "external", "summary": "1184277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184277" }, { "category": "external", "summary": "1189142", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189142" }, { "category": "external", "summary": "1189145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189145" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0263.json" } ], "title": "Red Hat Security Advisory: Red Hat Satellite IBM Java Runtime security update", "tracking": { "current_release_date": "2024-11-05T18:46:46+00:00", "generator": { "date": "2024-11-05T18:46:46+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2015:0263", "initial_release_date": "2015-02-24T13:20:03+00:00", "revision_history": [ { "date": "2015-02-24T13:20:03+00:00", "number": "1", "summary": "Initial version" }, { "date": "2015-02-24T13:20:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:46:46+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite 5.7 (RHEL v.6)", "product": { "name": "Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.7::el6" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "product": { "name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "product_id": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.3-1jpp.1.el6?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": 
"product_version", "name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "product": { "name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "product_id": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.3-1jpp.1.el6?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.16.3-1jpp.1.el6?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "product": { "name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "product_id": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.3-1jpp.1.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64", "product": { "name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64", "product_id": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.16.3-1jpp.1.el6?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "relates_to_product_reference": "6Server-Satellite57" }, { 
"category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "relates_to_product_reference": "6Server-Satellite57" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64" }, "product_reference": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Server-Satellite57" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "relates_to_product_reference": "6Server-Satellite57" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" }, "product_reference": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Server-Satellite57" } ] }, "vulnerabilities": [ { "cve": "CVE-2014-6585", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183645" } ], "notes": [ { "category": "description", "text": "A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. 
A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "ICU: font parsing OOB read (OpenJDK 2D, 8055489)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-6585" }, { "category": "external", "summary": "RHBZ#1183645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183645" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-6585", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6585" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6585", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6585" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-02-24T13:20:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis 
update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0263" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "ICU: font parsing OOB read (OpenJDK 2D, 8055489)" }, { "cve": "CVE-2014-6587", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183715" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. 
An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-6587" }, { "category": "external", "summary": "RHBZ#1183715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183715" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-6587", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6587" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6587", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6587" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-02-24T13:20:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis 
update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0263" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)" }, { "cve": "CVE-2014-6591", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183646" } ], "notes": [ { "category": "description", "text": "A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. 
A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "ICU: font parsing OOB read (OpenJDK 2D, 8056276)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-6591" }, { "category": "external", "summary": "RHBZ#1183646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183646" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-6591", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6591" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6591", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6591" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-02-24T13:20:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis 
update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0263" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "ICU: font parsing OOB read (OpenJDK 2D, 8056276)" }, { "cve": "CVE-2014-6593", "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183049" } ], "notes": [ { "category": "description", "text": "It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. 
An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-6593" }, { "category": "external", "summary": "RHBZ#1183049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-6593", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6593" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6593", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6593" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-02-24T13:20:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have 
been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0263" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)" }, { "cve": "CVE-2014-8891", "discovery_date": "2015-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1189142" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related 
to the security manager.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-8891" }, { "category": "external", "summary": "RHBZ#1189142", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189142" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-8891", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8891" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8891", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8891" } ], "release_date": "2015-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-02-24T13:20:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0263" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update" }, { "cve": "CVE-2014-8892", "discovery_date": "2015-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1189145" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.", "title": "Vulnerability description" }, 
{ "category": "summary", "text": "JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-8892" }, { "category": "external", "summary": "RHBZ#1189145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189145" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-8892", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8892" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8892", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8892" } ], "release_date": "2015-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-02-24T13:20:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0263" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update" }, { "cve": "CVE-2015-0395", "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183031" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the Hotspot garbage collector handled phantom references. 
An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0395" }, { "category": "external", "summary": "RHBZ#1183031", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183031" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0395", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0395" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0395", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0395" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-02-24T13:20:03+00:00", "details": "Before applying this update, make sure all 
previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0263" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)" }, { "cve": "CVE-2015-0403", "discovery_date": "2015-01-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1184275" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", 
"text": "JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0403" }, { "category": "external", "summary": "RHBZ#1184275", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184275" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0403", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0403" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0403", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0403" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-02-24T13:20:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0263" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)" }, { "cve": "CVE-2015-0406", "discovery_date": "2015-01-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1184277" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)", "title": "Vulnerability summary" }, { "category": 
"general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0406" }, { "category": "external", "summary": "RHBZ#1184277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184277" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0406", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0406" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0406", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0406" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-02-24T13:20:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0263" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "products": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)" }, { "cve": "CVE-2015-0407", "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183043" } ], "notes": [ { "category": "description", "text": "An information leak flaw was found in the Swing component in OpenJDK. 
An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: directory information leak via file chooser (Swing, 8055304)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0407" }, { "category": "external", "summary": "RHBZ#1183043", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183043" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0407", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0407" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-02-24T13:20:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is 
available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0263" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: directory information leak via file chooser (Swing, 8055304)" }, { "cve": "CVE-2015-0408", "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183023" } ], "notes": [ { "category": "description", "text": "An improper permission check issue was discovered in the RMI component in OpenJDK. 
An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0408" }, { "category": "external", "summary": "RHBZ#1183023", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183023" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0408", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0408" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0408", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0408" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-02-24T13:20:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is 
available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0263" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)" }, { "cve": "CVE-2015-0410", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183044" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. 
A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: DER decoder infinite loop (Security, 8059485)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0410" }, { "category": "external", "summary": "RHBZ#1183044", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183044" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0410", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0410" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0410", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0410" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-02-24T13:20:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via 
the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0263" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: DER decoder infinite loop (Security, 8059485)" }, { "cve": "CVE-2015-0412", "discovery_date": "2015-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1183021" } ], "notes": [ { "category": "description", "text": "An improper permission check issue was discovered in the JAX-WS component in OpenJDK. 
An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-0412" }, { "category": "external", "summary": "RHBZ#1183021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183021" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0412", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0412" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0412", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0412" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" } ], "release_date": "2015-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-02-24T13:20:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the 
Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:0263" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src", "6Server-Satellite57:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x", "6Server-Satellite57:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)" } ] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.