Executive Summary
Summary | |
---|---|
Title | java-1.6.0-sun security update |
Information | |||
---|---|---|---|
Name | RHSA-2015:0858 | First vendor Publication | 2015-04-20 |
Vendor | RedHat | Last vendor Modification | 2015-04-20 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 95 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

606442 - CVE-2005-1080 jar: directory traversal vulnerability
1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)
1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
1211285 - CVE-2015-0460 OpenJDK: incorrect handling of phantom references (Hotspot, 8071931)
1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)
1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
1211768 - CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211769 - CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211771 - CVE-2015-0458 Oracle JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment)
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2015-0858.html
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:28599 | |||
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:28599 | ||
Title: | RHSA-2015:0806 -- java-1.7.0-openjdk security update (Critical) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2015:0806 CESA-2015:0806-CentOS 7 CESA-2015:0806-CentOS 6 CVE-2005-1080 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 7 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
Definition Id: oval:org.mitre.oval:def:29084 | |||
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:29084 | ||
Title: | RHSA-2015:0807 -- java-1.7.0-openjdk security update (Important) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2015:0807 CESA-2015:0807 CVE-2005-1080 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Id: oval:org.mitre.oval:def:29136 | |||
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:29136 | ||
Title: | RHSA-2015:0809 -- java-1.8.0-openjdk security update (Important) | ||
Description: | The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2015:0809 CESA-2015:0809-CentOS 7 CESA-2015:0809-CentOS 6 CVE-2005-1080 CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 7 CentOS Linux 6 | Product(s): | java-1.8.0-openjdk |
Definition Id: oval:org.mitre.oval:def:29140 | |||
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:29140 | ||
Title: | RHSA-2015:0808 -- java-1.6.0-openjdk security update (Important) | ||
Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2015:0808 CESA-2015:0808-CentOS 7 CESA-2015:0808-CentOS 6 CESA-2015:0808-CentOS 5 CVE-2005-1080 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 7 CentOS Linux 6 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
Application | | 4 |
Application | | 4 |
Application | | 1 |
Application | | 2 |
Os | | 1 |
Os | | 1 |
Os | | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2010-06-25 | Name : Mandriva Update for fastjar MDVSA-2010:122 (fastjar) File : nvt/gb_mandriva_MDVSA_2010_122.nasl |
2008-09-04 | Name : FreeBSD Ports: jdk File : nvt/freebsd_jdk.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
15435 | Sun JDK / SDK Jar Handling Traversal Arbitrary File Overwrite The Jar utility provided with Java's JDK/SDK allows the extraction of files with names that traverse the directory structure of host system. This could be used to create a malicious Jar that will overwrite arbitrary files on the host system when it is extracted. |
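The traversal described in the OSVDB entry is defeated on the extracting side by resolving every entry name against the destination directory and refusing any entry that lands outside it. The following is an added example, not code from Red Hat, Oracle, OpenJDK or OSVDB; it assumes Java 11 or later (for `Path.of`), uses constructed entry names, and takes `/tmp/extract-demo` as a hypothetical destination directory.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/**
 * Added example (not OpenJDK's jar tool): extract a jar while refusing entries
 * whose names would resolve outside the chosen destination directory.
 */
public final class SafeJarExtractor {

    /**
     * Returns the on-disk path an entry would be written to, or throws if that
     * path escapes destDir. normalize() collapses "." and ".." segments, so a
     * name such as "lib/../../etc/passwd" resolves above the destination and
     * fails the startsWith check. Path.startsWith compares whole path
     * components, so a sibling directory that merely shares a string prefix
     * (e.g. /tmp/extract-demo2) is also rejected.
     */
    static Path resolveEntry(Path destDir, String entryName) throws IOException {
        Path root = destDir.toAbsolutePath().normalize();
        // An absolute entry name ("/etc/passwd") replaces root in resolve(),
        // so it too ends up outside root and is refused.
        Path target = root.resolve(entryName).normalize();
        if (!target.startsWith(root)) {
            throw new IOException("refusing to extract entry outside destination: " + entryName);
        }
        return target;
    }

    /** Extracts jarPath into destDir, validating each entry before writing it. */
    static void extract(Path jarPath, Path destDir) throws IOException {
        Files.createDirectories(destDir);
        try (JarFile jar = new JarFile(jarPath.toFile())) {
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                Path target = resolveEntry(destDir, entry.getName()); // throws on traversal
                if (entry.isDirectory()) {
                    Files.createDirectories(target);
                    continue;
                }
                Files.createDirectories(target.getParent());
                try (InputStream in = jar.getInputStream(entry)) {
                    Files.copy(in, target, StandardCopyOption.REPLACE_EXISTING);
                }
            }
        }
    }

    public static void main(String[] args) {
        // Constructed entry names; the "../" form is the pattern the OSVDB entry describes.
        Path dest = Path.of("/tmp/extract-demo"); // hypothetical destination
        String[] names = {
            "META-INF/MANIFEST.MF",
            "lib/Foo.class",
            "lib/../../../etc/passwd",
            "/etc/passwd"
        };
        for (String name : names) {
            try {
                System.out.println("ok      " + resolveEntry(dest, name));
            } catch (IOException e) {
                System.out.println("reject  " + e.getMessage());
            }
        }
    }
}
```

Running `main` prints the two benign entries as resolved paths under the destination and rejects both the `../` name and the absolute name. The check belongs in any code that unpacks archives it did not produce itself, since the archive's entry names are attacker-controlled input exactly like a filename from a form field.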
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201603-11.nasl - Type : ACT_GATHER_INFO |
2016-01-14 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0113-1.nasl - Type : ACT_GATHER_INFO |
2015-12-16 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2168-2.nasl - Type : ACT_GATHER_INFO |
2015-12-09 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2216-1.nasl - Type : ACT_GATHER_INFO |
2015-12-04 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2182-1.nasl - Type : ACT_GATHER_INFO |
2015-12-03 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2168-1.nasl - Type : ACT_GATHER_INFO |
2015-12-03 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2166-1.nasl - Type : ACT_GATHER_INFO |
2015-07-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3316.nasl - Type : ACT_GATHER_INFO |
2015-06-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1086-4.nasl - Type : ACT_GATHER_INFO |
2015-06-26 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1138-1.nasl - Type : ACT_GATHER_INFO |
2015-06-26 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1086-3.nasl - Type : ACT_GATHER_INFO |
2015-06-23 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1086-2.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1085-1.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1086-1.nasl - Type : ACT_GATHER_INFO |
2015-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1091.nasl - Type : ACT_GATHER_INFO |
2015-06-10 | Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_april2015_advisory.nasl - Type : ACT_GATHER_INFO |
2015-05-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1021.nasl - Type : ACT_GATHER_INFO |
2015-05-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1020.nasl - Type : ACT_GATHER_INFO |
2015-05-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1007.nasl - Type : ACT_GATHER_INFO |
2015-05-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1006.nasl - Type : ACT_GATHER_INFO |
2015-05-08 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-150419.nasl - Type : ACT_GATHER_INFO |
2015-05-07 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-517.nasl - Type : ACT_GATHER_INFO |
2015-05-01 | Name : The remote Debian host is missing a security update. File : debian_DLA-213.nasl - Type : ACT_GATHER_INFO |
2015-04-28 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-332.nasl - Type : ACT_GATHER_INFO |
2015-04-28 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-331.nasl - Type : ACT_GATHER_INFO |
2015-04-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-212.nasl - Type : ACT_GATHER_INFO |
2015-04-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3234.nasl - Type : ACT_GATHER_INFO |
2015-04-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3235.nasl - Type : ACT_GATHER_INFO |
2015-04-27 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-516.nasl - Type : ACT_GATHER_INFO |
2015-04-27 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-515.nasl - Type : ACT_GATHER_INFO |
2015-04-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2574-1.nasl - Type : ACT_GATHER_INFO |
2015-04-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2573-1.nasl - Type : ACT_GATHER_INFO |
2015-04-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0858.nasl - Type : ACT_GATHER_INFO |
2015-04-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0857.nasl - Type : ACT_GATHER_INFO |
2015-04-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0854.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0806.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0806.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0807.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0808.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0809.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_apr_2015.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_apr_2015_unix.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_apr_2015.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0807.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0808.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0809.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150415_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150415_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150415_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150415_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-04-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0807.nasl - Type : ACT_GATHER_INFO |
2015-04-15 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0809.nasl - Type : ACT_GATHER_INFO |
2015-04-15 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0808.nasl - Type : ACT_GATHER_INFO |
2015-04-15 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0806.nasl - Type : ACT_GATHER_INFO |
2010-06-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-122.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_18e5428fae7c11d9837d000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-04-22 13:28:49 |
2015-04-20 17:25:25 |