Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2009-1102
Vulnerability from cvelistv5
Published
2009-03-25 23:00
Modified
2024-08-07 04:57
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6722",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
},
{
"name": "MDVSA-2009:137",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34632"
},
{
"name": "SSRT090058",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"name": "SUSE-SA:2009:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
},
{
"name": "37460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37460"
},
{
"name": "34489",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34489"
},
{
"name": "GLSA-200911-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "HPSBUX02429",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
},
{
"name": "254610",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
},
{
"name": "RHSA-2009:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"name": "35255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35255"
},
{
"name": "ADV-2009-1426",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1426"
},
{
"name": "1021919",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021919"
},
{
"name": "MDVSA-2009:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "RHSA-2009:0392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"name": "oval:org.mitre.oval:def:10300",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
},
{
"name": "35223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35223"
},
{
"name": "34240",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34240"
},
{
"name": "34496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34496"
},
{
"name": "HPSBMA02429",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"name": "USN-748-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-748-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"name": "37386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37386"
},
{
"name": "SUSE-SA:2009:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6722",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
},
{
"name": "MDVSA-2009:137",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34632"
},
{
"name": "SSRT090058",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"name": "SUSE-SA:2009:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
},
{
"name": "37460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37460"
},
{
"name": "34489",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34489"
},
{
"name": "GLSA-200911-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "HPSBUX02429",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
},
{
"name": "254610",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
},
{
"name": "RHSA-2009:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"name": "35255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35255"
},
{
"name": "ADV-2009-1426",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1426"
},
{
"name": "1021919",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021919"
},
{
"name": "MDVSA-2009:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "RHSA-2009:0392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"name": "oval:org.mitre.oval:def:10300",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
},
{
"name": "35223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35223"
},
{
"name": "34240",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34240"
},
{
"name": "34496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34496"
},
{
"name": "HPSBMA02429",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"name": "USN-748-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-748-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"name": "37386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37386"
},
{
"name": "SUSE-SA:2009:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6722",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
},
{
"name": "MDVSA-2009:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34632"
},
{
"name": "SSRT090058",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"name": "SUSE-SA:2009:029",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
},
{
"name": "37460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37460"
},
{
"name": "34489",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34489"
},
{
"name": "GLSA-200911-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "HPSBUX02429",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
},
{
"name": "254610",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
},
{
"name": "RHSA-2009:0377",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"name": "35255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35255"
},
{
"name": "ADV-2009-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1426"
},
{
"name": "1021919",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021919"
},
{
"name": "MDVSA-2009:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "RHSA-2009:0392",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"name": "oval:org.mitre.oval:def:10300",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
},
{
"name": "35223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35223"
},
{
"name": "34240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34240"
},
{
"name": "34496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34496"
},
{
"name": "HPSBMA02429",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"name": "USN-748-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-748-1"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
},
{
"name": "SUSE-SA:2009:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1102",
"datePublished": "2009-03-25T23:00:00",
"dateReserved": "2009-03-25T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2009-1102\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-03-25T23:30:00.390\",\"lastModified\":\"2024-11-21T01:01:42.293\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \\\"code generation.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad sin especificar en la M\u00e1quina Virtual de Java en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) 6 Update 12 y anteriores, permite a atacantes remotos acceder a ficheros y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores desconocidos relacionados con la \\\"generaci\u00f3n de c\u00f3digo\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DDA9F90-5D16-4E04-B285-D32C362279C6\"}]}]}],\"references\":[{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34489\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34496\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34632\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35223\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35255\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/37386\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200911-02.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:137\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:162\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0392.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/34240\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1021919\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-748-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1426\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-0377.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35223\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35255\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37386\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200911-02.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0392.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/34240\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021919\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-748-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1426\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-0377.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2009:0377
Vulnerability from csaf_redhat
Published
2009-04-07 18:36
Modified
2024-11-22 02:35
Summary
Red Hat Security Advisory: java-1.6.0-openjdk security update
Notes
Topic
Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications written
using the Java programming language.
A flaw was found in the way that the Java Virtual Machine (JVM) handled
temporary font files. A malicious applet could use this flaw to use large
amounts of disk space, causing a denial of service. (CVE-2006-2426)
A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An
application using color profiles could use excessive amounts of memory, and
possibly crash after using all available memory, if used to open
specially-crafted images. (CVE-2009-0581)
Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in the way LittleCMS handled color profiles. An attacker could use
these flaws to create a specially-crafted image file which could cause a
Java application to crash or, possibly, execute arbitrary code when opened.
(CVE-2009-0723, CVE-2009-0733)
A null pointer dereference flaw was found in LittleCMS. An application
using color profiles could crash while converting a specially-crafted image
file. (CVE-2009-0793)
A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
handling could allow a remote attacker to cause a denial of service on the
server application hosting the JAX-WS service endpoint. (CVE-2009-1101)
A flaw in the way the Java Runtime Environment initialized LDAP connections
could allow a remote, authenticated user to cause a denial of service on
the LDAP service. (CVE-2009-1093)
A flaw in the Java Runtime Environment LDAP client could allow malicious
data from an LDAP server to cause arbitrary code to be loaded and then run
on an LDAP client. (CVE-2009-1094)
Several buffer overflow flaws were found in the Java Runtime Environment
unpack200 functionality. An untrusted applet could extend its privileges,
allowing it to read and write local files, as well as to execute local
applications with the privileges of the user running the applet.
(CVE-2009-1095, CVE-2009-1096)
A flaw in the Java Runtime Environment Virtual Machine code generation
functionality could allow untrusted applets to extend their privileges. An
untrusted applet could extend its privileges, allowing it to read and write
local files, as well as execute local applications with the privileges
of the user running the applet. (CVE-2009-1102)
A buffer overflow flaw was found in the splash screen processing. A remote
attacker could extend privileges to read and write local files, as well as
to execute local applications with the privileges of the user running the
java process. (CVE-2009-1097)
A buffer overflow flaw was found in how GIF images were processed. A remote
attacker could extend privileges to read and write local files, as well as
execute local applications with the privileges of the user running the
java process. (CVE-2009-1098)
Note: The flaws concerning applets in this advisory, CVE-2009-1095,
CVE-2009-1096, and CVE-2009-1102, can only be triggered in
java-1.6.0-openjdk by calling the "appletviewer" application.
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM) handled\ntemporary font files. A malicious applet could use this flaw to use large\namounts of disk space, causing a denial of service. (CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\napplication using color profiles could use excessive amounts of memory, and\npossibly crash after using all available memory, if used to open\nspecially-crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer\noverflows, as well as multiple insufficient input validation flaws, were\nfound in the way LittleCMS handled color profiles. An attacker could use\nthese flaws to create a specially-crafted image file which could cause a\nJava application to crash or, possibly, execute arbitrary code when opened.\n(CVE-2009-0723, CVE-2009-0733)\n\nA null pointer dereference flaw was found in LittleCMS. An application\nusing color profiles could crash while converting a specially-crafted image\nfile. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling could allow a remote attacker to cause a denial of service on the\nserver application hosting the JAX-WS service endpoint. (CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP connections\ncould allow a remote, authenticated user to cause a denial of service on\nthe LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow malicious\ndata from an LDAP server to cause arbitrary code to be loaded and then run\non an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime Environment\nunpack200 functionality. An untrusted applet could extend its privileges,\nallowing it to read and write local files, as well as to execute local\napplications with the privileges of the user running the applet.\n(CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nfunctionality could allow untrusted applets to extend their privileges. An\nuntrusted applet could extend its privileges, allowing it to read and write\nlocal files, as well as execute local applications with the privileges\nof the user running the applet. (CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A remote\nattacker could extend privileges to read and write local files, as well as\nto execute local applications with the privileges of the user running the\njava process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A remote\nattacker could extend privileges to read and write local files, as well as\nexecute local applications with the privileges of the user running the\njava process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095,\nCVE-2009-1096, and CVE-2009-1102, can only be triggered in\njava-1.6.0-openjdk by calling the \"appletviewer\" application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:0377",
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates4",
"url": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates4"
},
{
"category": "external",
"summary": "395481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=395481"
},
{
"category": "external",
"summary": "487508",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487508"
},
{
"category": "external",
"summary": "487509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"
},
{
"category": "external",
"summary": "487512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487512"
},
{
"category": "external",
"summary": "490166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490166"
},
{
"category": "external",
"summary": "490167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490167"
},
{
"category": "external",
"summary": "490168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490168"
},
{
"category": "external",
"summary": "490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "490172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490172"
},
{
"category": "external",
"summary": "490174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490174"
},
{
"category": "external",
"summary": "490178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490178"
},
{
"category": "external",
"summary": "492353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492353"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0377.json"
}
],
"title": "Red Hat Security Advisory: java-1.6.0-openjdk security update",
"tracking": {
"current_release_date": "2024-11-22T02:35:06+00:00",
"generator": {
"date": "2024-11-22T02:35:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:0377",
"initial_release_date": "2009-04-07T18:36:00+00:00",
"revision_history": [
{
"date": "2009-04-07T18:36:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-04-07T14:36:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T02:35:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-0.30.b09.el5?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-2426",
"discovery_date": "2007-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "395481"
}
],
"notes": [
{
"category": "description",
"text": "Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Untrusted applet causes DoS by filling up disk space",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-2426"
},
{
"category": "external",
"summary": "RHBZ#395481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=395481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2426"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-2426",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2426"
}
],
"release_date": "2006-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Untrusted applet causes DoS by filling up disk space"
},
{
"acknowledgments": [
{
"names": [
"Chris Evans"
],
"organization": "Google Security Team"
}
],
"cve": "CVE-2009-0581",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2009-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "487509"
}
],
"notes": [
{
"category": "description",
"text": "Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "LittleCms memory leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0581"
},
{
"category": "external",
"summary": "RHBZ#487509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0581",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0581"
}
],
"release_date": "2009-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "LittleCms memory leak"
},
{
"acknowledgments": [
{
"names": [
"Chris Evans"
],
"organization": "Google Security Team"
}
],
"cve": "CVE-2009-0723",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "487508"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "LittleCms integer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0723"
},
{
"category": "external",
"summary": "RHBZ#487508",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487508"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0723",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0723"
}
],
"release_date": "2009-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "LittleCms integer overflow"
},
{
"acknowledgments": [
{
"names": [
"Chris Evans"
],
"organization": "Google Security Team"
}
],
"cve": "CVE-2009-0733",
"discovery_date": "2009-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "487512"
}
],
"notes": [
{
"category": "description",
"text": "Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "LittleCms lack of upper-bounds check on sizes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0733"
},
{
"category": "external",
"summary": "RHBZ#487512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0733",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0733"
}
],
"release_date": "2009-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "LittleCms lack of upper-bounds check on sizes"
},
{
"cve": "CVE-2009-0793",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492353"
}
],
"notes": [
{
"category": "description",
"text": "cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for \"transformations of monochrome profiles.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0793"
},
{
"category": "external",
"summary": "RHBZ#492353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492353"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0793"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0793",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0793"
}
],
"release_date": "2009-04-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles"
},
{
"cve": "CVE-2009-1093",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490167"
}
],
"notes": [
{
"category": "description",
"text": "LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK remote LDAP Denial-Of-Service (6717680)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1093"
},
{
"category": "external",
"summary": "RHBZ#490167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1093",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1093"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1093",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1093"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK remote LDAP Denial-Of-Service (6717680)"
},
{
"cve": "CVE-2009-1094",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490168"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK LDAP client remote code execution (6737315)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1094"
},
{
"category": "external",
"summary": "RHBZ#490168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490168"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1094"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK LDAP client remote code execution (6737315)"
},
{
"cve": "CVE-2009-1095",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490169"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1095"
},
{
"category": "external",
"summary": "RHBZ#490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1095"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)"
},
{
"cve": "CVE-2009-1096",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490169"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1096"
},
{
"category": "external",
"summary": "RHBZ#490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1096",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1096"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)"
},
{
"cve": "CVE-2009-1097",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490174"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1097"
},
{
"category": "external",
"summary": "RHBZ#490174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490174"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1097",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1097"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)"
},
{
"cve": "CVE-2009-1098",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490178"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK GIF processing buffer overflow vulnerability (6804998)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1098"
},
{
"category": "external",
"summary": "RHBZ#490178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490178"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1098"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK GIF processing buffer overflow vulnerability (6804998)"
},
{
"cve": "CVE-2009-1101",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490166"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor \"leak.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1101"
},
{
"category": "external",
"summary": "RHBZ#490166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490166"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1101",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1101"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1101"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)"
},
{
"cve": "CVE-2009-1102",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490172"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK code generation vulnerability (6636360)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1102"
},
{
"category": "external",
"summary": "RHBZ#490172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1102"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK code generation vulnerability (6636360)"
}
]
}
RHSA-2009:0392
Vulnerability from csaf_redhat
Published
2009-03-26 16:03
Modified
2024-11-14 10:07
Summary
Red Hat Security Advisory: java-1.6.0-sun security update
Notes
Topic
Updated java-1.6.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. These
vulnerabilities are summarized on the "Advance notification of Security
Updates for Java SE" page from Sun Microsystems, listed in the References
section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,
CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,
CVE-2009-1106, CVE-2009-1107)
Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.6.0-sun packages that correct several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the \"Advance notification of Security\nUpdates for Java SE\" page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,\nCVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:0392",
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates4",
"url": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates4"
},
{
"category": "external",
"summary": "395481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=395481"
},
{
"category": "external",
"summary": "490166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490166"
},
{
"category": "external",
"summary": "490167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490167"
},
{
"category": "external",
"summary": "490168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490168"
},
{
"category": "external",
"summary": "490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "490172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490172"
},
{
"category": "external",
"summary": "490174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490174"
},
{
"category": "external",
"summary": "490178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490178"
},
{
"category": "external",
"summary": "492302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492302"
},
{
"category": "external",
"summary": "492305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492305"
},
{
"category": "external",
"summary": "492306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492306"
},
{
"category": "external",
"summary": "492308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492308"
},
{
"category": "external",
"summary": "492309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492309"
},
{
"category": "external",
"summary": "492310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492310"
},
{
"category": "external",
"summary": "492312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492312"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0392.json"
}
],
"title": "Red Hat Security Advisory: java-1.6.0-sun security update",
"tracking": {
"current_release_date": "2024-11-14T10:07:22+00:00",
"generator": {
"date": "2024-11-14T10:07:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2009:0392",
"initial_release_date": "2009-03-26T16:03:00+00:00",
"revision_history": [
{
"date": "2009-03-26T16:03:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-03-26T12:03:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:07:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i586"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-2426",
"discovery_date": "2007-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "395481"
}
],
"notes": [
{
"category": "description",
"text": "Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Untrusted applet causes DoS by filling up disk space",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-2426"
},
{
"category": "external",
"summary": "RHBZ#395481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=395481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2426"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-2426",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2426"
}
],
"release_date": "2006-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Untrusted applet causes DoS by filling up disk space"
},
{
"cve": "CVE-2009-1093",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490167"
}
],
"notes": [
{
"category": "description",
"text": "LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK remote LDAP Denial-Of-Service (6717680)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1093"
},
{
"category": "external",
"summary": "RHBZ#490167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1093",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1093"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1093",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1093"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK remote LDAP Denial-Of-Service (6717680)"
},
{
"cve": "CVE-2009-1094",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490168"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK LDAP client remote code execution (6737315)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1094"
},
{
"category": "external",
"summary": "RHBZ#490168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490168"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1094"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK LDAP client remote code execution (6737315)"
},
{
"cve": "CVE-2009-1095",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490169"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1095"
},
{
"category": "external",
"summary": "RHBZ#490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1095"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)"
},
{
"cve": "CVE-2009-1096",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490169"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1096"
},
{
"category": "external",
"summary": "RHBZ#490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1096",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1096"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)"
},
{
"cve": "CVE-2009-1097",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490174"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1097"
},
{
"category": "external",
"summary": "RHBZ#490174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490174"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1097",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1097"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)"
},
{
"cve": "CVE-2009-1098",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490178"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK GIF processing buffer overflow vulnerability (6804998)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1098"
},
{
"category": "external",
"summary": "RHBZ#490178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490178"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1098"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK GIF processing buffer overflow vulnerability (6804998)"
},
{
"cve": "CVE-2009-1099",
"discovery_date": "2009-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492302"
}
],
"notes": [
{
"category": "description",
"text": "Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Type1 font processing buffer overflow vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1099"
},
{
"category": "external",
"summary": "RHBZ#492302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492302"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1099",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1099"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1099",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1099"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Type1 font processing buffer overflow vulnerability"
},
{
"cve": "CVE-2009-1100",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492305"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) \"limits on Font creation,\" aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: DoS (disk consumption) via handling of temporary font files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1100"
},
{
"category": "external",
"summary": "RHBZ#492305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1100",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1100"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenJDK: DoS (disk consumption) via handling of temporary font files"
},
{
"cve": "CVE-2009-1101",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490166"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor \"leak.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1101"
},
{
"category": "external",
"summary": "RHBZ#490166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490166"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1101",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1101"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1101"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)"
},
{
"cve": "CVE-2009-1102",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490172"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK code generation vulnerability (6636360)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1102"
},
{
"category": "external",
"summary": "RHBZ#490172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1102"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK code generation vulnerability (6636360)"
},
{
"cve": "CVE-2009-1103",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492306"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"deserializing applets,\" aka CR 6646860.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Files disclosure, arbitrary code execution via \"deserializing applets\" (6646860)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1103"
},
{
"category": "external",
"summary": "RHBZ#492306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492306"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1103",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1103"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1103",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1103"
}
],
"release_date": "2009-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Files disclosure, arbitrary code execution via \"deserializing applets\" (6646860)"
},
{
"cve": "CVE-2009-1104",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492308"
}
],
"notes": [
{
"category": "description",
"text": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1104"
},
{
"category": "external",
"summary": "RHBZ#492308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492308"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1104",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1104"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)"
},
{
"cve": "CVE-2009-1105",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492309"
}
],
"notes": [
{
"category": "description",
"text": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1105"
},
{
"category": "external",
"summary": "RHBZ#492309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1105",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1105"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1105",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1105"
}
],
"release_date": "2009-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)"
},
{
"cve": "CVE-2009-1106",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492310"
}
],
"notes": [
{
"category": "description",
"text": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass) (6798948)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1106"
},
{
"category": "external",
"summary": "RHBZ#492310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1106",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1106"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1106",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1106"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass) (6798948)"
},
{
"cve": "CVE-2009-1107",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492312"
}
],
"notes": [
{
"category": "description",
"text": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a \"Swing JLabel HTML parsing vulnerability,\" aka CR 6782871.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Signed applet remote misuse possibility (6782871)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1107"
},
{
"category": "external",
"summary": "RHBZ#492312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492312"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1107",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1107"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1107",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1107"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Signed applet remote misuse possibility (6782871)"
}
]
}
rhsa-2009_0377
Vulnerability from csaf_redhat
Published
2009-04-07 18:36
Modified
2024-11-22 02:35
Summary
Red Hat Security Advisory: java-1.6.0-openjdk security update
Notes
Topic
Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications written
using the Java programming language.
A flaw was found in the way that the Java Virtual Machine (JVM) handled
temporary font files. A malicious applet could use this flaw to use large
amounts of disk space, causing a denial of service. (CVE-2006-2426)
A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An
application using color profiles could use excessive amounts of memory, and
possibly crash after using all available memory, if used to open
specially-crafted images. (CVE-2009-0581)
Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in the way LittleCMS handled color profiles. An attacker could use
these flaws to create a specially-crafted image file which could cause a
Java application to crash or, possibly, execute arbitrary code when opened.
(CVE-2009-0723, CVE-2009-0733)
A null pointer dereference flaw was found in LittleCMS. An application
using color profiles could crash while converting a specially-crafted image
file. (CVE-2009-0793)
A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
handling could allow a remote attacker to cause a denial of service on the
server application hosting the JAX-WS service endpoint. (CVE-2009-1101)
A flaw in the way the Java Runtime Environment initialized LDAP connections
could allow a remote, authenticated user to cause a denial of service on
the LDAP service. (CVE-2009-1093)
A flaw in the Java Runtime Environment LDAP client could allow malicious
data from an LDAP server to cause arbitrary code to be loaded and then run
on an LDAP client. (CVE-2009-1094)
Several buffer overflow flaws were found in the Java Runtime Environment
unpack200 functionality. An untrusted applet could extend its privileges,
allowing it to read and write local files, as well as to execute local
applications with the privileges of the user running the applet.
(CVE-2009-1095, CVE-2009-1096)
A flaw in the Java Runtime Environment Virtual Machine code generation
functionality could allow untrusted applets to extend their privileges. An
untrusted applet could extend its privileges, allowing it to read and write
local files, as well as execute local applications with the privileges
of the user running the applet. (CVE-2009-1102)
A buffer overflow flaw was found in the splash screen processing. A remote
attacker could extend privileges to read and write local files, as well as
to execute local applications with the privileges of the user running the
java process. (CVE-2009-1097)
A buffer overflow flaw was found in how GIF images were processed. A remote
attacker could extend privileges to read and write local files, as well as
execute local applications with the privileges of the user running the
java process. (CVE-2009-1098)
Note: The flaws concerning applets in this advisory, CVE-2009-1095,
CVE-2009-1096, and CVE-2009-1102, can only be triggered in
java-1.6.0-openjdk by calling the "appletviewer" application.
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM) handled\ntemporary font files. A malicious applet could use this flaw to use large\namounts of disk space, causing a denial of service. (CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\napplication using color profiles could use excessive amounts of memory, and\npossibly crash after using all available memory, if used to open\nspecially-crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer\noverflows, as well as multiple insufficient input validation flaws, were\nfound in the way LittleCMS handled color profiles. An attacker could use\nthese flaws to create a specially-crafted image file which could cause a\nJava application to crash or, possibly, execute arbitrary code when opened.\n(CVE-2009-0723, CVE-2009-0733)\n\nA null pointer dereference flaw was found in LittleCMS. An application\nusing color profiles could crash while converting a specially-crafted image\nfile. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling could allow a remote attacker to cause a denial of service on the\nserver application hosting the JAX-WS service endpoint. (CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP connections\ncould allow a remote, authenticated user to cause a denial of service on\nthe LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow malicious\ndata from an LDAP server to cause arbitrary code to be loaded and then run\non an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime Environment\nunpack200 functionality. An untrusted applet could extend its privileges,\nallowing it to read and write local files, as well as to execute local\napplications with the privileges of the user running the applet.\n(CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nfunctionality could allow untrusted applets to extend their privileges. An\nuntrusted applet could extend its privileges, allowing it to read and write\nlocal files, as well as execute local applications with the privileges\nof the user running the applet. (CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A remote\nattacker could extend privileges to read and write local files, as well as\nto execute local applications with the privileges of the user running the\njava process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A remote\nattacker could extend privileges to read and write local files, as well as\nexecute local applications with the privileges of the user running the\njava process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095,\nCVE-2009-1096, and CVE-2009-1102, can only be triggered in\njava-1.6.0-openjdk by calling the \"appletviewer\" application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:0377",
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates4",
"url": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates4"
},
{
"category": "external",
"summary": "395481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=395481"
},
{
"category": "external",
"summary": "487508",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487508"
},
{
"category": "external",
"summary": "487509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"
},
{
"category": "external",
"summary": "487512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487512"
},
{
"category": "external",
"summary": "490166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490166"
},
{
"category": "external",
"summary": "490167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490167"
},
{
"category": "external",
"summary": "490168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490168"
},
{
"category": "external",
"summary": "490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "490172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490172"
},
{
"category": "external",
"summary": "490174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490174"
},
{
"category": "external",
"summary": "490178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490178"
},
{
"category": "external",
"summary": "492353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492353"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0377.json"
}
],
"title": "Red Hat Security Advisory: java-1.6.0-openjdk security update",
"tracking": {
"current_release_date": "2024-11-22T02:35:06+00:00",
"generator": {
"date": "2024-11-22T02:35:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:0377",
"initial_release_date": "2009-04-07T18:36:00+00:00",
"revision_history": [
{
"date": "2009-04-07T18:36:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-04-07T14:36:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T02:35:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-0.30.b09.el5?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-2426",
"discovery_date": "2007-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "395481"
}
],
"notes": [
{
"category": "description",
"text": "Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Untrusted applet causes DoS by filling up disk space",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-2426"
},
{
"category": "external",
"summary": "RHBZ#395481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=395481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2426"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-2426",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2426"
}
],
"release_date": "2006-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Untrusted applet causes DoS by filling up disk space"
},
{
"acknowledgments": [
{
"names": [
"Chris Evans"
],
"organization": "Google Security Team"
}
],
"cve": "CVE-2009-0581",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2009-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "487509"
}
],
"notes": [
{
"category": "description",
"text": "Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "LittleCms memory leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0581"
},
{
"category": "external",
"summary": "RHBZ#487509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0581",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0581"
}
],
"release_date": "2009-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "LittleCms memory leak"
},
{
"acknowledgments": [
{
"names": [
"Chris Evans"
],
"organization": "Google Security Team"
}
],
"cve": "CVE-2009-0723",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "487508"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "LittleCms integer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0723"
},
{
"category": "external",
"summary": "RHBZ#487508",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487508"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0723",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0723"
}
],
"release_date": "2009-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "LittleCms integer overflow"
},
{
"acknowledgments": [
{
"names": [
"Chris Evans"
],
"organization": "Google Security Team"
}
],
"cve": "CVE-2009-0733",
"discovery_date": "2009-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "487512"
}
],
"notes": [
{
"category": "description",
"text": "Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "LittleCms lack of upper-bounds check on sizes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0733"
},
{
"category": "external",
"summary": "RHBZ#487512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0733",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0733"
}
],
"release_date": "2009-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "LittleCms lack of upper-bounds check on sizes"
},
{
"cve": "CVE-2009-0793",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492353"
}
],
"notes": [
{
"category": "description",
"text": "cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for \"transformations of monochrome profiles.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0793"
},
{
"category": "external",
"summary": "RHBZ#492353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492353"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0793"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0793",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0793"
}
],
"release_date": "2009-04-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles"
},
{
"cve": "CVE-2009-1093",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490167"
}
],
"notes": [
{
"category": "description",
"text": "LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK remote LDAP Denial-Of-Service (6717680)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1093"
},
{
"category": "external",
"summary": "RHBZ#490167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1093",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1093"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1093",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1093"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK remote LDAP Denial-Of-Service (6717680)"
},
{
"cve": "CVE-2009-1094",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490168"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK LDAP client remote code execution (6737315)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1094"
},
{
"category": "external",
"summary": "RHBZ#490168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490168"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1094"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK LDAP client remote code execution (6737315)"
},
{
"cve": "CVE-2009-1095",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490169"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1095"
},
{
"category": "external",
"summary": "RHBZ#490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1095"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)"
},
{
"cve": "CVE-2009-1096",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490169"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1096"
},
{
"category": "external",
"summary": "RHBZ#490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1096",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1096"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)"
},
{
"cve": "CVE-2009-1097",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490174"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1097"
},
{
"category": "external",
"summary": "RHBZ#490174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490174"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1097",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1097"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)"
},
{
"cve": "CVE-2009-1098",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490178"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK GIF processing buffer overflow vulnerability (6804998)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1098"
},
{
"category": "external",
"summary": "RHBZ#490178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490178"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1098"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK GIF processing buffer overflow vulnerability (6804998)"
},
{
"cve": "CVE-2009-1101",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490166"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor \"leak.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1101"
},
{
"category": "external",
"summary": "RHBZ#490166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490166"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1101",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1101"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1101"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)"
},
{
"cve": "CVE-2009-1102",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490172"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK code generation vulnerability (6636360)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1102"
},
{
"category": "external",
"summary": "RHBZ#490172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1102"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK code generation vulnerability (6636360)"
}
]
}
rhsa-2009_0392
Vulnerability from csaf_redhat
Published
2009-03-26 16:03
Modified
2024-11-14 10:07
Summary
Red Hat Security Advisory: java-1.6.0-sun security update
Notes
Topic
Updated java-1.6.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. These
vulnerabilities are summarized on the "Advance notification of Security
Updates for Java SE" page from Sun Microsystems, listed in the References
section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,
CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,
CVE-2009-1106, CVE-2009-1107)
Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.6.0-sun packages that correct several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the \"Advance notification of Security\nUpdates for Java SE\" page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,\nCVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:0392",
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates4",
"url": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates4"
},
{
"category": "external",
"summary": "395481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=395481"
},
{
"category": "external",
"summary": "490166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490166"
},
{
"category": "external",
"summary": "490167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490167"
},
{
"category": "external",
"summary": "490168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490168"
},
{
"category": "external",
"summary": "490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "490172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490172"
},
{
"category": "external",
"summary": "490174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490174"
},
{
"category": "external",
"summary": "490178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490178"
},
{
"category": "external",
"summary": "492302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492302"
},
{
"category": "external",
"summary": "492305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492305"
},
{
"category": "external",
"summary": "492306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492306"
},
{
"category": "external",
"summary": "492308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492308"
},
{
"category": "external",
"summary": "492309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492309"
},
{
"category": "external",
"summary": "492310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492310"
},
{
"category": "external",
"summary": "492312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492312"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0392.json"
}
],
"title": "Red Hat Security Advisory: java-1.6.0-sun security update",
"tracking": {
"current_release_date": "2024-11-14T10:07:22+00:00",
"generator": {
"date": "2024-11-14T10:07:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2009:0392",
"initial_release_date": "2009-03-26T16:03:00+00:00",
"revision_history": [
{
"date": "2009-03-26T16:03:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-03-26T12:03:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:07:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i586"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-2426",
"discovery_date": "2007-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "395481"
}
],
"notes": [
{
"category": "description",
"text": "Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Untrusted applet causes DoS by filling up disk space",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-2426"
},
{
"category": "external",
"summary": "RHBZ#395481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=395481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2426"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-2426",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2426"
}
],
"release_date": "2006-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Untrusted applet causes DoS by filling up disk space"
},
{
"cve": "CVE-2009-1093",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490167"
}
],
"notes": [
{
"category": "description",
"text": "LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK remote LDAP Denial-Of-Service (6717680)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1093"
},
{
"category": "external",
"summary": "RHBZ#490167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1093",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1093"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1093",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1093"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK remote LDAP Denial-Of-Service (6717680)"
},
{
"cve": "CVE-2009-1094",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490168"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK LDAP client remote code execution (6737315)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1094"
},
{
"category": "external",
"summary": "RHBZ#490168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490168"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1094"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK LDAP client remote code execution (6737315)"
},
{
"cve": "CVE-2009-1095",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490169"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1095"
},
{
"category": "external",
"summary": "RHBZ#490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1095"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)"
},
{
"cve": "CVE-2009-1096",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490169"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1096"
},
{
"category": "external",
"summary": "RHBZ#490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1096",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1096"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)"
},
{
"cve": "CVE-2009-1097",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490174"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1097"
},
{
"category": "external",
"summary": "RHBZ#490174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490174"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1097",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1097"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)"
},
{
"cve": "CVE-2009-1098",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490178"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK GIF processing buffer overflow vulnerability (6804998)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1098"
},
{
"category": "external",
"summary": "RHBZ#490178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490178"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1098"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK GIF processing buffer overflow vulnerability (6804998)"
},
{
"cve": "CVE-2009-1099",
"discovery_date": "2009-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492302"
}
],
"notes": [
{
"category": "description",
"text": "Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Type1 font processing buffer overflow vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1099"
},
{
"category": "external",
"summary": "RHBZ#492302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492302"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1099",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1099"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1099",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1099"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Type1 font processing buffer overflow vulnerability"
},
{
"cve": "CVE-2009-1100",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492305"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) \"limits on Font creation,\" aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: DoS (disk consumption) via handling of temporary font files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1100"
},
{
"category": "external",
"summary": "RHBZ#492305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1100",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1100"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenJDK: DoS (disk consumption) via handling of temporary font files"
},
{
"cve": "CVE-2009-1101",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490166"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor \"leak.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1101"
},
{
"category": "external",
"summary": "RHBZ#490166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490166"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1101",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1101"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1101"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)"
},
{
"cve": "CVE-2009-1102",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490172"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK code generation vulnerability (6636360)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1102"
},
{
"category": "external",
"summary": "RHBZ#490172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1102"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK code generation vulnerability (6636360)"
},
{
"cve": "CVE-2009-1103",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492306"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"deserializing applets,\" aka CR 6646860.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Files disclosure, arbitrary code execution via \"deserializing applets\" (6646860)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1103"
},
{
"category": "external",
"summary": "RHBZ#492306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492306"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1103",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1103"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1103",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1103"
}
],
"release_date": "2009-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Files disclosure, arbitrary code execution via \"deserializing applets\" (6646860)"
},
{
"cve": "CVE-2009-1104",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492308"
}
],
"notes": [
{
"category": "description",
"text": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1104"
},
{
"category": "external",
"summary": "RHBZ#492308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492308"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1104",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1104"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)"
},
{
"cve": "CVE-2009-1105",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492309"
}
],
"notes": [
{
"category": "description",
"text": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1105"
},
{
"category": "external",
"summary": "RHBZ#492309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1105",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1105"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1105",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1105"
}
],
"release_date": "2009-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)"
},
{
"cve": "CVE-2009-1106",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492310"
}
],
"notes": [
{
"category": "description",
"text": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass) (6798948)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1106"
},
{
"category": "external",
"summary": "RHBZ#492310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1106",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1106"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1106",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1106"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass) (6798948)"
},
{
"cve": "CVE-2009-1107",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492312"
}
],
"notes": [
{
"category": "description",
"text": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a \"Swing JLabel HTML parsing vulnerability,\" aka CR 6782871.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Signed applet remote misuse possibility (6782871)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1107"
},
{
"category": "external",
"summary": "RHBZ#492312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492312"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1107",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1107"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1107",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1107"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Signed applet remote misuse possibility (6782871)"
}
]
}
rhsa-2009:0377
Vulnerability from csaf_redhat
Published
2009-04-07 18:36
Modified
2024-11-22 02:35
Summary
Red Hat Security Advisory: java-1.6.0-openjdk security update
Notes
Topic
Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications written
using the Java programming language.
A flaw was found in the way that the Java Virtual Machine (JVM) handled
temporary font files. A malicious applet could use this flaw to use large
amounts of disk space, causing a denial of service. (CVE-2006-2426)
A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An
application using color profiles could use excessive amounts of memory, and
possibly crash after using all available memory, if used to open
specially-crafted images. (CVE-2009-0581)
Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in the way LittleCMS handled color profiles. An attacker could use
these flaws to create a specially-crafted image file which could cause a
Java application to crash or, possibly, execute arbitrary code when opened.
(CVE-2009-0723, CVE-2009-0733)
A null pointer dereference flaw was found in LittleCMS. An application
using color profiles could crash while converting a specially-crafted image
file. (CVE-2009-0793)
A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
handling could allow a remote attacker to cause a denial of service on the
server application hosting the JAX-WS service endpoint. (CVE-2009-1101)
A flaw in the way the Java Runtime Environment initialized LDAP connections
could allow a remote, authenticated user to cause a denial of service on
the LDAP service. (CVE-2009-1093)
A flaw in the Java Runtime Environment LDAP client could allow malicious
data from an LDAP server to cause arbitrary code to be loaded and then run
on an LDAP client. (CVE-2009-1094)
Several buffer overflow flaws were found in the Java Runtime Environment
unpack200 functionality. An untrusted applet could extend its privileges,
allowing it to read and write local files, as well as to execute local
applications with the privileges of the user running the applet.
(CVE-2009-1095, CVE-2009-1096)
A flaw in the Java Runtime Environment Virtual Machine code generation
functionality could allow untrusted applets to extend their privileges. An
untrusted applet could extend its privileges, allowing it to read and write
local files, as well as execute local applications with the privileges
of the user running the applet. (CVE-2009-1102)
A buffer overflow flaw was found in the splash screen processing. A remote
attacker could extend privileges to read and write local files, as well as
to execute local applications with the privileges of the user running the
java process. (CVE-2009-1097)
A buffer overflow flaw was found in how GIF images were processed. A remote
attacker could extend privileges to read and write local files, as well as
execute local applications with the privileges of the user running the
java process. (CVE-2009-1098)
Note: The flaws concerning applets in this advisory, CVE-2009-1095,
CVE-2009-1096, and CVE-2009-1102, can only be triggered in
java-1.6.0-openjdk by calling the "appletviewer" application.
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM) handled\ntemporary font files. A malicious applet could use this flaw to use large\namounts of disk space, causing a denial of service. (CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\napplication using color profiles could use excessive amounts of memory, and\npossibly crash after using all available memory, if used to open\nspecially-crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer\noverflows, as well as multiple insufficient input validation flaws, were\nfound in the way LittleCMS handled color profiles. An attacker could use\nthese flaws to create a specially-crafted image file which could cause a\nJava application to crash or, possibly, execute arbitrary code when opened.\n(CVE-2009-0723, CVE-2009-0733)\n\nA null pointer dereference flaw was found in LittleCMS. An application\nusing color profiles could crash while converting a specially-crafted image\nfile. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling could allow a remote attacker to cause a denial of service on the\nserver application hosting the JAX-WS service endpoint. (CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP connections\ncould allow a remote, authenticated user to cause a denial of service on\nthe LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow malicious\ndata from an LDAP server to cause arbitrary code to be loaded and then run\non an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime Environment\nunpack200 functionality. An untrusted applet could extend its privileges,\nallowing it to read and write local files, as well as to execute local\napplications with the privileges of the user running the applet.\n(CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nfunctionality could allow untrusted applets to extend their privileges. An\nuntrusted applet could extend its privileges, allowing it to read and write\nlocal files, as well as execute local applications with the privileges\nof the user running the applet. (CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A remote\nattacker could extend privileges to read and write local files, as well as\nto execute local applications with the privileges of the user running the\njava process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A remote\nattacker could extend privileges to read and write local files, as well as\nexecute local applications with the privileges of the user running the\njava process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095,\nCVE-2009-1096, and CVE-2009-1102, can only be triggered in\njava-1.6.0-openjdk by calling the \"appletviewer\" application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:0377",
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates4",
"url": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates4"
},
{
"category": "external",
"summary": "395481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=395481"
},
{
"category": "external",
"summary": "487508",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487508"
},
{
"category": "external",
"summary": "487509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"
},
{
"category": "external",
"summary": "487512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487512"
},
{
"category": "external",
"summary": "490166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490166"
},
{
"category": "external",
"summary": "490167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490167"
},
{
"category": "external",
"summary": "490168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490168"
},
{
"category": "external",
"summary": "490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "490172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490172"
},
{
"category": "external",
"summary": "490174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490174"
},
{
"category": "external",
"summary": "490178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490178"
},
{
"category": "external",
"summary": "492353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492353"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0377.json"
}
],
"title": "Red Hat Security Advisory: java-1.6.0-openjdk security update",
"tracking": {
"current_release_date": "2024-11-22T02:35:06+00:00",
"generator": {
"date": "2024-11-22T02:35:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:0377",
"initial_release_date": "2009-04-07T18:36:00+00:00",
"revision_history": [
{
"date": "2009-04-07T18:36:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-04-07T14:36:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T02:35:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"product": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-0.30.b09.el5?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"product": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-0.30.b09.el5?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"product": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"product_id": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-0.30.b09.el5?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
},
"product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-2426",
"discovery_date": "2007-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "395481"
}
],
"notes": [
{
"category": "description",
"text": "Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Untrusted applet causes DoS by filling up disk space",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-2426"
},
{
"category": "external",
"summary": "RHBZ#395481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=395481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2426"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-2426",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2426"
}
],
"release_date": "2006-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Untrusted applet causes DoS by filling up disk space"
},
{
"acknowledgments": [
{
"names": [
"Chris Evans"
],
"organization": "Google Security Team"
}
],
"cve": "CVE-2009-0581",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2009-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "487509"
}
],
"notes": [
{
"category": "description",
"text": "Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "LittleCms memory leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0581"
},
{
"category": "external",
"summary": "RHBZ#487509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0581",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0581"
}
],
"release_date": "2009-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "LittleCms memory leak"
},
{
"acknowledgments": [
{
"names": [
"Chris Evans"
],
"organization": "Google Security Team"
}
],
"cve": "CVE-2009-0723",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "487508"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "LittleCms integer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0723"
},
{
"category": "external",
"summary": "RHBZ#487508",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487508"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0723",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0723"
}
],
"release_date": "2009-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "LittleCms integer overflow"
},
{
"acknowledgments": [
{
"names": [
"Chris Evans"
],
"organization": "Google Security Team"
}
],
"cve": "CVE-2009-0733",
"discovery_date": "2009-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "487512"
}
],
"notes": [
{
"category": "description",
"text": "Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "LittleCms lack of upper-bounds check on sizes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0733"
},
{
"category": "external",
"summary": "RHBZ#487512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0733",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0733"
}
],
"release_date": "2009-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "LittleCms lack of upper-bounds check on sizes"
},
{
"cve": "CVE-2009-0793",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492353"
}
],
"notes": [
{
"category": "description",
"text": "cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for \"transformations of monochrome profiles.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0793"
},
{
"category": "external",
"summary": "RHBZ#492353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492353"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0793",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0793"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0793",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0793"
}
],
"release_date": "2009-04-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles"
},
{
"cve": "CVE-2009-1093",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490167"
}
],
"notes": [
{
"category": "description",
"text": "LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK remote LDAP Denial-Of-Service (6717680)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1093"
},
{
"category": "external",
"summary": "RHBZ#490167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1093",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1093"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1093",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1093"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK remote LDAP Denial-Of-Service (6717680)"
},
{
"cve": "CVE-2009-1094",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490168"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK LDAP client remote code execution (6737315)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1094"
},
{
"category": "external",
"summary": "RHBZ#490168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490168"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1094"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK LDAP client remote code execution (6737315)"
},
{
"cve": "CVE-2009-1095",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490169"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1095"
},
{
"category": "external",
"summary": "RHBZ#490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1095"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)"
},
{
"cve": "CVE-2009-1096",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490169"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1096"
},
{
"category": "external",
"summary": "RHBZ#490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1096",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1096"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)"
},
{
"cve": "CVE-2009-1097",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490174"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1097"
},
{
"category": "external",
"summary": "RHBZ#490174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490174"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1097",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1097"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)"
},
{
"cve": "CVE-2009-1098",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490178"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK GIF processing buffer overflow vulnerability (6804998)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1098"
},
{
"category": "external",
"summary": "RHBZ#490178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490178"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1098"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK GIF processing buffer overflow vulnerability (6804998)"
},
{
"cve": "CVE-2009-1101",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490166"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor \"leak.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1101"
},
{
"category": "external",
"summary": "RHBZ#490166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490166"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1101",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1101"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1101"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)"
},
{
"cve": "CVE-2009-1102",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490172"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK code generation vulnerability (6636360)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1102"
},
{
"category": "external",
"summary": "RHBZ#490172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1102"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-07T18:36:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Client:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Client:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.src",
"5Server:java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5.x86_64",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.i386",
"5Server:java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK code generation vulnerability (6636360)"
}
]
}
rhsa-2009:0392
Vulnerability from csaf_redhat
Published
2009-03-26 16:03
Modified
2024-11-14 10:07
Summary
Red Hat Security Advisory: java-1.6.0-sun security update
Notes
Topic
Updated java-1.6.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. These
vulnerabilities are summarized on the "Advance notification of Security
Updates for Java SE" page from Sun Microsystems, listed in the References
section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,
CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,
CVE-2009-1106, CVE-2009-1107)
Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.6.0-sun packages that correct several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the \"Advance notification of Security\nUpdates for Java SE\" page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,\nCVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:0392",
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates4",
"url": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates4"
},
{
"category": "external",
"summary": "395481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=395481"
},
{
"category": "external",
"summary": "490166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490166"
},
{
"category": "external",
"summary": "490167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490167"
},
{
"category": "external",
"summary": "490168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490168"
},
{
"category": "external",
"summary": "490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "490172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490172"
},
{
"category": "external",
"summary": "490174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490174"
},
{
"category": "external",
"summary": "490178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490178"
},
{
"category": "external",
"summary": "492302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492302"
},
{
"category": "external",
"summary": "492305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492305"
},
{
"category": "external",
"summary": "492306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492306"
},
{
"category": "external",
"summary": "492308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492308"
},
{
"category": "external",
"summary": "492309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492309"
},
{
"category": "external",
"summary": "492310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492310"
},
{
"category": "external",
"summary": "492312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492312"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0392.json"
}
],
"title": "Red Hat Security Advisory: java-1.6.0-sun security update",
"tracking": {
"current_release_date": "2024-11-14T10:07:22+00:00",
"generator": {
"date": "2024-11-14T10:07:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2009:0392",
"initial_release_date": "2009-03-26T16:03:00+00:00",
"revision_history": [
{
"date": "2009-03-26T16:03:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-03-26T12:03:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:07:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"product": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_id": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.13-1jpp.1.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"product": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_id": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.13-1jpp.1.el4?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"product": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"product_id": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.13-1jpp.1.el5?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"product": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"product_id": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.13-1jpp.1.el4?arch=i586\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i586"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
},
"product_reference": "java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-2426",
"discovery_date": "2007-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "395481"
}
],
"notes": [
{
"category": "description",
"text": "Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Untrusted applet causes DoS by filling up disk space",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-2426"
},
{
"category": "external",
"summary": "RHBZ#395481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=395481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2426"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-2426",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2426"
}
],
"release_date": "2006-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Untrusted applet causes DoS by filling up disk space"
},
{
"cve": "CVE-2009-1093",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490167"
}
],
"notes": [
{
"category": "description",
"text": "LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK remote LDAP Denial-Of-Service (6717680)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1093"
},
{
"category": "external",
"summary": "RHBZ#490167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1093",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1093"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1093",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1093"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK remote LDAP Denial-Of-Service (6717680)"
},
{
"cve": "CVE-2009-1094",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490168"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK LDAP client remote code execution (6737315)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1094"
},
{
"category": "external",
"summary": "RHBZ#490168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490168"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1094"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK LDAP client remote code execution (6737315)"
},
{
"cve": "CVE-2009-1095",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490169"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1095"
},
{
"category": "external",
"summary": "RHBZ#490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1095"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)"
},
{
"cve": "CVE-2009-1096",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490169"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1096"
},
{
"category": "external",
"summary": "RHBZ#490169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1096",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1096"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK Pack200 Buffer overflow vulnerability (6792554)"
},
{
"cve": "CVE-2009-1097",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490174"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1097"
},
{
"category": "external",
"summary": "RHBZ#490174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490174"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1097",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1097"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)"
},
{
"cve": "CVE-2009-1098",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490178"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK GIF processing buffer overflow vulnerability (6804998)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1098"
},
{
"category": "external",
"summary": "RHBZ#490178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490178"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1098"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK GIF processing buffer overflow vulnerability (6804998)"
},
{
"cve": "CVE-2009-1099",
"discovery_date": "2009-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492302"
}
],
"notes": [
{
"category": "description",
"text": "Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Type1 font processing buffer overflow vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1099"
},
{
"category": "external",
"summary": "RHBZ#492302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492302"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1099",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1099"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1099",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1099"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Type1 font processing buffer overflow vulnerability"
},
{
"cve": "CVE-2009-1100",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492305"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) \"limits on Font creation,\" aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: DoS (disk consumption) via handling of temporary font files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1100"
},
{
"category": "external",
"summary": "RHBZ#492305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1100",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1100"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenJDK: DoS (disk consumption) via handling of temporary font files"
},
{
"cve": "CVE-2009-1101",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490166"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor \"leak.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1101"
},
{
"category": "external",
"summary": "RHBZ#490166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490166"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1101",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1101"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1101"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)"
},
{
"cve": "CVE-2009-1102",
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490172"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK code generation vulnerability (6636360)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1102"
},
{
"category": "external",
"summary": "RHBZ#490172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1102"
}
],
"release_date": "2009-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK code generation vulnerability (6636360)"
},
{
"cve": "CVE-2009-1103",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492306"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"deserializing applets,\" aka CR 6646860.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Files disclosure, arbitrary code execution via \"deserializing applets\" (6646860)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1103"
},
{
"category": "external",
"summary": "RHBZ#492306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492306"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1103",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1103"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1103",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1103"
}
],
"release_date": "2009-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Files disclosure, arbitrary code execution via \"deserializing applets\" (6646860)"
},
{
"cve": "CVE-2009-1104",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492308"
}
],
"notes": [
{
"category": "description",
"text": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1104"
},
{
"category": "external",
"summary": "RHBZ#492308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492308"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1104",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1104"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)"
},
{
"cve": "CVE-2009-1105",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492309"
}
],
"notes": [
{
"category": "description",
"text": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1105"
},
{
"category": "external",
"summary": "RHBZ#492309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1105",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1105"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1105",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1105"
}
],
"release_date": "2009-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)"
},
{
"cve": "CVE-2009-1106",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492310"
}
],
"notes": [
{
"category": "description",
"text": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass) (6798948)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1106"
},
{
"category": "external",
"summary": "RHBZ#492310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1106",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1106"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1106",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1106"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass) (6798948)"
},
{
"cve": "CVE-2009-1107",
"discovery_date": "2009-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "492312"
}
],
"notes": [
{
"category": "description",
"text": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a \"Swing JLabel HTML parsing vulnerability,\" aka CR 6782871.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: Signed applet remote misuse possibility (6782871)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1107"
},
{
"category": "external",
"summary": "RHBZ#492312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492312"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1107",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1107"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1107",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1107"
}
],
"release_date": "2009-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-03-26T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0392"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4AS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4ES-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4.x86_64",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.i586",
"4WS-LACD:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4.x86_64",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5.x86_64",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.i586",
"5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: Signed applet remote misuse possibility (6782871)"
}
]
}
fkie_cve-2009-1102
Vulnerability from fkie_nvd
Published
2009-03-25 23:30
Modified
2024-11-21 01:01
Severity ?
Summary
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDA9F90-5D16-4E04-B285-D32C362279C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\""
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en la M\u00e1quina Virtual de Java en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) 6 Update 12 y anteriores, permite a atacantes remotos acceder a ficheros y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores desconocidos relacionados con la \"generaci\u00f3n de c\u00f3digo\"."
}
],
"id": "CVE-2009-1102",
"lastModified": "2024-11-21T01:01:42.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-25T23:30:00.390",
"references": [
{
"source": "cve@mitre.org",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"source": "cve@mitre.org",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34489"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34496"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34632"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35223"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35255"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37386"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37460"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34240"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021919"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-748-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1426"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
},
{
"source": "cve@mitre.org",
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-748-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2009-1102
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2009-1102",
"description": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\"",
"id": "GSD-2009-1102",
"references": [
"https://www.suse.com/security/cve/CVE-2009-1102.html",
"https://access.redhat.com/errata/RHSA-2009:0392",
"https://access.redhat.com/errata/RHSA-2009:0377",
"https://linux.oracle.com/cve/CVE-2009-1102.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2009-1102"
],
"details": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\"",
"id": "GSD-2009-1102",
"modified": "2023-12-13T01:19:47.769656Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6722",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
},
{
"name": "MDVSA-2009:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34632"
},
{
"name": "SSRT090058",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"name": "SUSE-SA:2009:029",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
},
{
"name": "37460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37460"
},
{
"name": "34489",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34489"
},
{
"name": "GLSA-200911-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "HPSBUX02429",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
},
{
"name": "254610",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
},
{
"name": "RHSA-2009:0377",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"name": "35255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35255"
},
{
"name": "ADV-2009-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1426"
},
{
"name": "1021919",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021919"
},
{
"name": "MDVSA-2009:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "RHSA-2009:0392",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"name": "oval:org.mitre.oval:def:10300",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
},
{
"name": "35223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35223"
},
{
"name": "34240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34240"
},
{
"name": "34496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34496"
},
{
"name": "HPSBMA02429",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"name": "USN-748-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-748-1"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
},
{
"name": "SUSE-SA:2009:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1102"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "254610",
"refsource": "SUNALERT",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
},
{
"name": "RHSA-2009:0392",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"name": "34240",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/34240"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"name": "USN-748-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-748-1"
},
{
"name": "1021919",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id?1021919"
},
{
"name": "34489",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/34489"
},
{
"name": "RHSA-2009:0377",
"refsource": "REDHAT",
"tags": [],
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"name": "34496",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/34496"
},
{
"name": "SUSE-SA:2009:016",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"name": "34632",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/34632"
},
{
"name": "SUSE-SA:2009:029",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
},
{
"name": "35223",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/35223"
},
{
"name": "SSRT090058",
"refsource": "HP",
"tags": [],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"name": "ADV-2009-1426",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2009/1426"
},
{
"name": "35255",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/35255"
},
{
"name": "HPSBUX02429",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
},
{
"name": "MDVSA-2009:137",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "MDVSA-2009:162",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "GLSA-200911-02",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "37460",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/37460"
},
{
"name": "37386",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/37386"
},
{
"name": "oval:org.mitre.oval:def:6722",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
},
{
"name": "oval:org.mitre.oval:def:10300",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-10T19:34Z",
"publishedDate": "2009-03-25T23:30Z"
}
}
}
ghsa-mxp4-j667-h9h6
Vulnerability from github
Published
2022-05-02 03:21
Modified
2022-05-02 03:21
Details
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
{
"affected": [],
"aliases": [
"CVE-2009-1102"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-03-25T23:30:00Z",
"severity": "MODERATE"
},
"details": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\"",
"id": "GHSA-mxp4-j667-h9h6",
"modified": "2022-05-02T03:21:37Z",
"published": "2022-05-02T03:21:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1102"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"type": "WEB",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34489"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34496"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34632"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35223"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35255"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37386"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37460"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
},
{
"type": "WEB",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/34240"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1021919"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-748-1"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/1426"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.