rhsa-2015_0264
Vulnerability from csaf_redhat
Published
2015-02-24 13:44
Modified
2024-09-13 10:11
Summary
Red Hat Security Advisory: Red Hat Satellite IBM Java Runtime security update
Notes
Topic
Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Satellite 5.6.
Red Hat Product Security has rated this update as having Low security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
This update corrects several security vulnerabilities in the IBM Java
Runtime Environment shipped as part of Red Hat Satellite 5.6. In a typical
operating environment, these are of low security risk as the runtime is not
used on untrusted applets.
Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2014-3065, CVE-2014-3068, CVE-2014-3566, CVE-2014-4209, CVE-2014-4218,
CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262,
CVE-2014-4263, CVE-2014-4265, CVE-2014-4288, CVE-2014-6457, CVE-2014-6458,
CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506,
CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6531, CVE-2014-6532,
CVE-2014-6558, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593,
CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406,
CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412)
The CVE-2014-4262 and CVE-2014-6512 issues were discovered by Florian
Weimer of Red Hat Product Security.
Users of Red Hat Satellite 5.6 are advised to upgrade to these updated
packages, which contain the IBM Java SE 6 SR16-FP3 release. For this
update to take effect, Red Hat Satellite must be restarted
("/usr/sbin/rhn-satellite restart"), as well as all running instances of
IBM Java.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.6.0-ibm packages that fix several security issues are now\navailable for Red Hat Satellite 5.6.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Satellite 5.6. In a typical\noperating environment, these are of low security risk as the runtime is not\nused on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2014-3065, CVE-2014-3068, CVE-2014-3566, CVE-2014-4209, CVE-2014-4218,\nCVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262,\nCVE-2014-4263, CVE-2014-4265, CVE-2014-4288, CVE-2014-6457, CVE-2014-6458,\nCVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506,\nCVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6531, CVE-2014-6532,\nCVE-2014-6558, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593,\nCVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406,\nCVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412)\n\nThe CVE-2014-4262 and CVE-2014-6512 issues were discovered by Florian\nWeimer of Red Hat Product Security.\n\nUsers of Red Hat Satellite 5.6 are advised to upgrade to these updated\npackages, which contain the IBM Java SE 6 SR16-FP3 release. For this\nupdate to take effect, Red Hat Satellite must be restarted\n(\"/usr/sbin/rhn-satellite restart\"), as well as all running instances of\nIBM Java.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0264",
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "https://www.ibm.com/developerworks/java/jdk/alerts/",
"url": "https://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"category": "external",
"summary": "1071210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071210"
},
{
"category": "external",
"summary": "1075795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075795"
},
{
"category": "external",
"summary": "1119475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119475"
},
{
"category": "external",
"summary": "1119476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119476"
},
{
"category": "external",
"summary": "1119596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119596"
},
{
"category": "external",
"summary": "1119608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119608"
},
{
"category": "external",
"summary": "1119611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119611"
},
{
"category": "external",
"summary": "1119613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119613"
},
{
"category": "external",
"summary": "1119912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119912"
},
{
"category": "external",
"summary": "1119913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119913"
},
{
"category": "external",
"summary": "1150155",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1150155"
},
{
"category": "external",
"summary": "1150651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1150651"
},
{
"category": "external",
"summary": "1150669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1150669"
},
{
"category": "external",
"summary": "1151046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151046"
},
{
"category": "external",
"summary": "1151063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151063"
},
{
"category": "external",
"summary": "1151517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151517"
},
{
"category": "external",
"summary": "1152756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152756"
},
{
"category": "external",
"summary": "1152757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152757"
},
{
"category": "external",
"summary": "1152759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152759"
},
{
"category": "external",
"summary": "1152760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152760"
},
{
"category": "external",
"summary": "1152761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152761"
},
{
"category": "external",
"summary": "1152763",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152763"
},
{
"category": "external",
"summary": "1152766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152766"
},
{
"category": "external",
"summary": "1152789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789"
},
{
"category": "external",
"summary": "1162554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1162554"
},
{
"category": "external",
"summary": "1164201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164201"
},
{
"category": "external",
"summary": "1183021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183021"
},
{
"category": "external",
"summary": "1183023",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183023"
},
{
"category": "external",
"summary": "1183031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183031"
},
{
"category": "external",
"summary": "1183043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183043"
},
{
"category": "external",
"summary": "1183044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183044"
},
{
"category": "external",
"summary": "1183049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183049"
},
{
"category": "external",
"summary": "1183645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183645"
},
{
"category": "external",
"summary": "1183646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183646"
},
{
"category": "external",
"summary": "1183715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183715"
},
{
"category": "external",
"summary": "1184275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184275"
},
{
"category": "external",
"summary": "1184277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184277"
},
{
"category": "external",
"summary": "1189142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189142"
},
{
"category": "external",
"summary": "1189145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189145"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2015/rhsa-2015_0264.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Satellite IBM Java Runtime security update",
"tracking": {
"current_release_date": "2024-09-13T10:11:12+00:00",
"generator": {
"date": "2024-09-13T10:11:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2015:0264",
"initial_release_date": "2015-02-24T13:44:15+00:00",
"revision_history": [
{
"date": "2015-02-24T13:44:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-02-24T13:44:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T10:11:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 5.6 (RHEL v.5)",
"product": {
"name": "Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.6::el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 5.6 (RHEL v.6)",
"product": {
"name": "Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.6::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"product": {
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"product_id": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.3-1jpp.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"product": {
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"product_id": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.3-1jpp.1.el6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"product": {
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"product_id": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.3-1jpp.1.el5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"product": {
"name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"product_id": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.16.3-1jpp.1.el5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"product": {
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"product_id": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.3-1jpp.1.el6?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"product": {
"name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"product_id": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.16.3-1jpp.1.el6?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.3-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.16.3-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"product": {
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"product_id": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-ibm@1.6.0.16.3-1jpp.1.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"product": {
"name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"product_id": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-ibm-devel@1.6.0.16.3-1jpp.1.el6?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x"
},
"product_reference": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src"
},
"product_reference": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x"
},
"product_reference": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x"
},
"product_reference": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src"
},
"product_reference": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64"
},
"product_reference": "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x"
},
"product_reference": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
},
"product_reference": "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"relates_to_product_reference": "6Server-Satellite56"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-3065",
"discovery_date": "2014-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1162554"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: privilege escalation via shared class cache",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3065"
},
{
"category": "external",
"summary": "RHBZ#1162554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1162554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3065",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3065"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3065",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3065"
}
],
"release_date": "2014-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: privilege escalation via shared class cache"
},
{
"cve": "CVE-2014-3068",
"discovery_date": "2014-11-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1164201"
}
],
"notes": [
{
"category": "description",
"text": "IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: Java CMS keystore provider potentially allows brute-force private key recovery",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3068"
},
{
"category": "external",
"summary": "RHBZ#1164201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164201"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3068",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3068"
},
{
"category": "external",
"summary": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334"
},
{
"category": "external",
"summary": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2014",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2014"
},
{
"category": "external",
"summary": "http://xforce.iss.net/xforce/xfdb/93756",
"url": "http://xforce.iss.net/xforce/xfdb/93756"
}
],
"release_date": "2014-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JDK: Java CMS keystore provider potentially allows brute-force private key recovery"
},
{
"cve": "CVE-2014-3086",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2016-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1324547"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: Privilege escalation issue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3086"
},
{
"category": "external",
"summary": "RHBZ#1324547",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324547"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3086",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3086"
},
{
"category": "external",
"summary": "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2014",
"url": "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2014"
}
],
"release_date": "2014-07-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: Privilege escalation issue"
},
{
"cve": "CVE-2014-3566",
"cwe": {
"id": "CWE-757",
"name": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)"
},
"discovery_date": "2014-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1152789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of openssl as shipped with Red Hat Enterprise Linux 5, 6 and 7, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat JBoss Web Server 1 and 2, Red Hat Enterprise Virtualization Hypervisor 6.5, and Red Hat Storage 2.1.\n\nThis issue affects the version of nss as shipped with Red Hat Enterprise Linux 5, 6 and 7.\n\nAdditional information can be found in the Red Hat Knowledgebase article: \nhttps://access.redhat.com/articles/1232123",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3566"
},
{
"category": "external",
"summary": "RHBZ#1152789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3566",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3566"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack"
},
{
"cve": "CVE-2014-4209",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119608"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4209"
},
{
"category": "external",
"summary": "RHBZ#1119608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119608"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4209"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4209",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4209"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)"
},
{
"cve": "CVE-2014-4218",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119611"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4218"
},
{
"category": "external",
"summary": "RHBZ#1119611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119611"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4218",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4218"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)"
},
{
"cve": "CVE-2014-4219",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119596"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4219"
},
{
"category": "external",
"summary": "RHBZ#1119596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4219",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4219"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)"
},
{
"cve": "CVE-2014-4227",
"discovery_date": "2014-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119912"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4227"
},
{
"category": "external",
"summary": "RHBZ#1119912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119912"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4227",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4227"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4227",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4227"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)"
},
{
"cve": "CVE-2014-4244",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119475"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: RSA blinding issues (Security, 8031346)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4244"
},
{
"category": "external",
"summary": "RHBZ#1119475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4244"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: RSA blinding issues (Security, 8031346)"
},
{
"cve": "CVE-2014-4252",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119613"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4252"
},
{
"category": "external",
"summary": "RHBZ#1119613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119613"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4252",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4252"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4252",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4252"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-4262",
"discovery_date": "2014-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1075795"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4262"
},
{
"category": "external",
"summary": "RHBZ#1075795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4262",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4262"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4262",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4262"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520)"
},
{
"cve": "CVE-2014-4263",
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119476"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to \"Diffie-Hellman key agreement.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4263"
},
{
"category": "external",
"summary": "RHBZ#1119476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4263",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4263"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4263",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4263"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)"
},
{
"cve": "CVE-2014-4265",
"discovery_date": "2014-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1119913"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4265"
},
{
"category": "external",
"summary": "RHBZ#1119913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4265",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4265"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4265",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4265"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)"
},
{
"cve": "CVE-2014-4288",
"discovery_date": "2014-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1152761"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4288"
},
{
"category": "external",
"summary": "RHBZ#1152761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4288",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4288"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)"
},
{
"cve": "CVE-2014-6457",
"discovery_date": "2014-10-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1151046"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6457"
},
{
"category": "external",
"summary": "RHBZ#1151046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151046"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6457",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6457"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6457",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6457"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)"
},
{
"cve": "CVE-2014-6458",
"discovery_date": "2014-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1152763"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6458"
},
{
"category": "external",
"summary": "RHBZ#1152763",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152763"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6458",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6458"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6458",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6458"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)"
},
{
"cve": "CVE-2014-6492",
"discovery_date": "2014-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1152759"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6492"
},
{
"category": "external",
"summary": "RHBZ#1152759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6492",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6492"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)"
},
{
"cve": "CVE-2014-6493",
"discovery_date": "2014-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1152760"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6493"
},
{
"category": "external",
"summary": "RHBZ#1152760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152760"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6493",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6493"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6493",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6493"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)"
},
{
"cve": "CVE-2014-6502",
"discovery_date": "2014-10-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1150669"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6502"
},
{
"category": "external",
"summary": "RHBZ#1150669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1150669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6502",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6502"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6502",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6502"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)"
},
{
"cve": "CVE-2014-6503",
"discovery_date": "2014-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1152757"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6503"
},
{
"category": "external",
"summary": "RHBZ#1152757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152757"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6503",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6503"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6503",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6503"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)"
},
{
"cve": "CVE-2014-6506",
"discovery_date": "2014-10-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1150155"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6506"
},
{
"category": "external",
"summary": "RHBZ#1150155",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1150155"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6506",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6506"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)"
},
{
"cve": "CVE-2014-6511",
"discovery_date": "2014-10-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1151517"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6511"
},
{
"category": "external",
"summary": "RHBZ#1151517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151517"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6511",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6511"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-6512",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"discovery_date": "2014-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1071210"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6512"
},
{
"category": "external",
"summary": "RHBZ#1071210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6512",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6512"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)"
},
{
"cve": "CVE-2014-6515",
"discovery_date": "2014-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1152766"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6515"
},
{
"category": "external",
"summary": "RHBZ#1152766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152766"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6515",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6515"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)"
},
{
"cve": "CVE-2014-6531",
"discovery_date": "2014-10-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1150651"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6531"
},
{
"category": "external",
"summary": "RHBZ#1150651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1150651"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6531"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6531",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6531"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)"
},
{
"cve": "CVE-2014-6532",
"discovery_date": "2014-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1152756"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6532"
},
{
"category": "external",
"summary": "RHBZ#1152756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6532",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6532"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6532",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6532"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)"
},
{
"cve": "CVE-2014-6558",
"discovery_date": "2014-10-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1151063"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6558"
},
{
"category": "external",
"summary": "RHBZ#1151063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151063"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6558",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6558"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
}
],
"release_date": "2014-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)"
},
{
"cve": "CVE-2014-6585",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1183645"
}
],
"notes": [
{
"category": "description",
"text": "A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ICU: font parsing OOB read (OpenJDK 2D, 8055489)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6585"
},
{
"category": "external",
"summary": "RHBZ#1183645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6585",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6585"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6585",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6585"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
}
],
"release_date": "2015-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ICU: font parsing OOB read (OpenJDK 2D, 8055489)"
},
{
"cve": "CVE-2014-6587",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2015-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1183715"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6587"
},
{
"category": "external",
"summary": "RHBZ#1183715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6587",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6587"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6587",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6587"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
}
],
"release_date": "2015-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)"
},
{
"cve": "CVE-2014-6591",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1183646"
}
],
"notes": [
{
"category": "description",
"text": "A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ICU: font parsing OOB read (OpenJDK 2D, 8056276)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6591"
},
{
"category": "external",
"summary": "RHBZ#1183646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6591",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6591"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6591",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6591"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
}
],
"release_date": "2015-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ICU: font parsing OOB read (OpenJDK 2D, 8056276)"
},
{
"cve": "CVE-2014-6593",
"discovery_date": "2015-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1183049"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6593"
},
{
"category": "external",
"summary": "RHBZ#1183049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6593",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6593"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6593",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6593"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
}
],
"release_date": "2015-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)"
},
{
"cve": "CVE-2014-8891",
"discovery_date": "2015-02-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1189142"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-8891"
},
{
"category": "external",
"summary": "RHBZ#1189142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-8891",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8891"
}
],
"release_date": "2015-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update"
},
{
"cve": "CVE-2014-8892",
"discovery_date": "2015-02-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1189145"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-8892"
},
{
"category": "external",
"summary": "RHBZ#1189145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-8892",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8892"
}
],
"release_date": "2015-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update"
},
{
"cve": "CVE-2015-0395",
"discovery_date": "2015-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1183031"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0395"
},
{
"category": "external",
"summary": "RHBZ#1183031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183031"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0395"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0395",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0395"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
}
],
"release_date": "2015-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)"
},
{
"cve": "CVE-2015-0403",
"discovery_date": "2015-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1184275"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0403"
},
{
"category": "external",
"summary": "RHBZ#1184275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184275"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0403",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0403"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0403",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0403"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
}
],
"release_date": "2015-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)"
},
{
"cve": "CVE-2015-0406",
"discovery_date": "2015-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1184277"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0406"
},
{
"category": "external",
"summary": "RHBZ#1184277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0406"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
}
],
"release_date": "2015-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)"
},
{
"cve": "CVE-2015-0407",
"discovery_date": "2015-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1183043"
}
],
"notes": [
{
"category": "description",
"text": "An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: directory information leak via file chooser (Swing, 8055304)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0407"
},
{
"category": "external",
"summary": "RHBZ#1183043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0407"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
}
],
"release_date": "2015-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: directory information leak via file chooser (Swing, 8055304)"
},
{
"cve": "CVE-2015-0408",
"discovery_date": "2015-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1183023"
}
],
"notes": [
{
"category": "description",
"text": "An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0408"
},
{
"category": "external",
"summary": "RHBZ#1183023",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183023"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0408",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0408"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0408",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0408"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
}
],
"release_date": "2015-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)"
},
{
"cve": "CVE-2015-0410",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2015-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1183044"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: DER decoder infinite loop (Security, 8059485)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0410"
},
{
"category": "external",
"summary": "RHBZ#1183044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183044"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0410",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0410"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
}
],
"release_date": "2015-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: DER decoder infinite loop (Security, 8059485)"
},
{
"cve": "CVE-2015-0412",
"discovery_date": "2015-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1183021"
}
],
"notes": [
{
"category": "description",
"text": "An improper permission check issue was discovered in the JAX-WS component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0412"
},
{
"category": "external",
"summary": "RHBZ#1183021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0412",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0412"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
}
],
"release_date": "2015-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.src",
"5Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.s390x",
"5Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.src",
"6Server-Satellite56:java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6.x86_64",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.s390x",
"6Server-Satellite56:java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)"
}
]
}
Loading...