{"bulletinFamily": "unix", "reporter": "Arch Linux", "history": [], "modified": "2015-04-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}, "vulnersScore": 9.3}, "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "7.u79_2.5.5-1", "packageFilename": "UNKNOWN", "packageName": "jre7-openjdk-headless", "arch": "any", "operator": "lt"}], "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "title": "jre7-openjdk-headless: multiple issues", "objectVersion": "1.2", "edition": 1, "description": "- CVE-2005-1080 CVE-2015-0480 (directory traversal)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted.\n\n- CVE-2015-0460 (arbitrary code execution)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n\n- CVE-2015-0469 (arbitrary code execution)\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font\nfile could possibly cause the Java Virtual Machine to execute arbitrary\ncode, allowing an untrusted Java application or applet to bypass Java\nsandbox restrictions.\n\n- CVE-2015-0477 (sandbox restriction bypass)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0478 (weak implementation)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n\n- CVE-2015-0488 (denial of service)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly.", "type": "archlinux", "references": ["https://access.redhat.com/security/cve/CVE-2015-0469", "https://access.redhat.com/security/cve/CVE-2015-0478", "https://access.redhat.com/security/cve/CVE-2015-0460", "https://access.redhat.com/security/cve/CVE-2015-0480", "https://access.redhat.com/security/cve/CVE-2015-0488", "https://access.redhat.com/security/cve/CVE-2015-0477", "https://access.redhat.com/security/cve/CVE-2005-1080"], "hash": "9375d3194b52905b06bb4e731aa9a8ca02be75bd4323c17df9211c9855ad5a8c", "viewCount": 8, "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html", "published": "2015-04-17T00:00:00", "lastseen": "2016-09-02T18:44:37", "id": "ASA-201504-17"}

{"f5": [{"lastseen": "2016-09-26T17:23:27", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "reporter": "f5", "published": "2015-08-24T00:00:00", "title": "SOL17136 - Java and JRockit vulnerabilities CVE-2015-0478 and CVE-2015-0488", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Traffix SDC", "version": "4.4.0", "operator": "le"}], "cvelist": ["CVE-2015-0478", "CVE-2015-0488"], "modified": "2016-07-25T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/100/sol17136.html", "id": "SOL17136", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:36", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned IDs 519664 and 519668 (BIG-IP) and INSTALLER-1350 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 3.3.2 - 4.4.0| None| Low| JDK \nBIG-IP Edge Clients for Android| None| 2.0.0 - 2.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Apple iOS| None| 2.0.0 - 2.0.4 \n1.0.5 - 1.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Linux| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for MAC OS X| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for Windows| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients Windows Phone 8.1| None| 1.0.0.x| Not vulnerable| None \nBIG-IP Edge Portal for Android| None| 1.0.0 - 1.0.2| Not vulnerable| None \nBIG-IP Edge Portal for Apple iOS| None| 1.0.0 - 1.0.3| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the** Severity **value. Security Advisory articles published before this date do not list a **Severity **value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "reporter": "f5", "published": "2015-08-25T00:49:00", "title": "Java and JRockit vulnerabilities CVE-2015-0478 and CVE-2015-0488", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2015-0478", "CVE-2015-0488"], "modified": "2017-04-06T16:51:00", "id": "F5:K17136", "href": "https://support.f5.com/csp/article/K17136", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-05T00:18:51", "references": [], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "reporter": "f5", "published": "2017-10-04T23:31:00", "title": "OpenJDK vulnerability CVE-2005-1080", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-1080"], "modified": "2017-10-04T23:31:00", "href": "https://support.f5.com/csp/article/K60565503", "id": "F5:K60565503", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-06-08T00:16:12", "references": [], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the **Severity** value. Security Advisory articles published before this date do not list a **Severity** value.\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "reporter": "f5", "published": "2015-08-13T02:14:00", "title": "Multiple Java vulnerabilities", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0460", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "modified": "2017-04-06T16:51:00", "href": "https://support.f5.com/csp/article/K17125", "id": "F5:K17125", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:33", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "reporter": "f5", "published": "2015-08-12T00:00:00", "title": "SOL17125 - Multiple Java vulnerabilities", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0460", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "modified": "2016-07-25T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/100/sol17125.html", "id": "SOL17125", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:12", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0469", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0480", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0477", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0460", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0488", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0478"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "7u79-2.5.5-0ubuntu0.14.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "7u79-2.5.5-0ubuntu0.14.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "7u79-2.5.5-0ubuntu0.14.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-source", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "7u79-2.5.5-0ubuntu0.14.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "7u79-2.5.5-0ubuntu0.14.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "7u79-2.5.5-0ubuntu0.14.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "7u79-2.5.5-0ubuntu0.14.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "7u79-2.5.5-0ubuntu0.14.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-doc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "7u79-2.5.5-0ubuntu0.14.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "7u79-2.5.5-0ubuntu0.14.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "7u79-2.5.5-0ubuntu0.14.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-demo", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "7u79-2.5.5-0ubuntu0.14.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "7u79-2.5.5-0ubuntu0.14.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jdk", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "7u79-2.5.5-0ubuntu0.14.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-source", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "7u79-2.5.5-0ubuntu0.14.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jdk", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "7u79-2.5.5-0ubuntu0.14.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-doc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "7u79-2.5.5-0ubuntu0.14.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "7u79-2.5.5-0ubuntu0.14.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-demo", "operator": "lt"}], "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469)\n\nAlexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480)\n\nFlorian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478)\n\nA vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this expose sensitive data over the network. (CVE-2015-0477)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2015-0488)", "edition": 3, "reporter": "Ubuntu", "published": "2015-04-21T00:00:00", "title": "OpenJDK 7 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-21T00:00:00", "id": "USN-2574-1", "href": "https://usn.ubuntu.com/2574-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:17", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0469", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0480", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0477", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0460", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0488", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0478"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b35-1.13.7-1ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-demo", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b35-1.13.7-1ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b35-1.13.7-1ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b35-1.13.7-1ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b35-1.13.7-1ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-doc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b35-1.13.7-1ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-source", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b35-1.13.7-1ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-source", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b35-1.13.7-1ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-doc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b35-1.13.7-1ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b35-1.13.7-1ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jdk", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b35-1.13.7-1ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jdk", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b35-1.13.7-1ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b35-1.13.7-1ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b35-1.13.7-1ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-demo", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b35-1.13.7-1ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b35-1.13.7-1ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b35-1.13.7-1ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b35-1.13.7-1ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b35-1.13.7-1ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}], "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469)\n\nAlexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480)\n\nFlorian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478)\n\nA vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this expose sensitive data over the network. (CVE-2015-0477)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2015-0488)", "edition": 3, "reporter": "Ubuntu", "published": "2015-04-21T00:00:00", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-21T00:00:00", "id": "USN-2573-1", "href": "https://usn.ubuntu.com/2573-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-12-02T15:28:23", "references": ["https://usn.ubuntu.com/2574-1/"], "pluginID": "82992", "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469)\n\nAlexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480)\n\nFlorian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478)\n\nA vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this expose sensitive data over the network. (CVE-2015-0477)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2015-0488).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2015-04-22T00:00:00", "title": "Ubuntu 14.04 LTS / 14.10 : openjdk-7 vulnerabilities (USN-2574-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero", "p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-doc", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-demo", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-source", "cpe:/o:canonical:ubuntu_linux:14.10", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2574-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82992", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2574-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82992);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_xref(name:\"USN\", value:\"2574-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 14.10 : openjdk-7 vulnerabilities (USN-2574-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive\ndata over the network. (CVE-2015-0460, CVE-2015-0469)\n\nAlexander Cherepanov discovered that OpenJDK JRE was vulnerable to\ndirectory traversal issues with respect to handling jar files. An\nattacker could use this to expose sensitive data. (CVE-2015-0480)\n\nFlorian Weimer discovered that the RSA implementation in the JCE\ncomponent in OpenJDK JRE did not follow recommended practices for\nimplementing RSA signatures. An attacker could use this to expose\nsensitive data. (CVE-2015-0478)\n\nA vulnerability was discovered in the OpenJDK JRE related to data\nintegrity. An attacker could exploit this expose sensitive data over\nthe network. (CVE-2015-0477)\n\nA vulnerability was discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial of\nservice. (CVE-2015-0488).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2574-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"icedtea-7-jre-jamvm\", pkgver:\"7u79-2.5.5-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-demo\", pkgver:\"7u79-2.5.5-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-doc\", pkgver:\"7u79-2.5.5-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jdk\", pkgver:\"7u79-2.5.5-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jre\", pkgver:\"7u79-2.5.5-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jre-headless\", pkgver:\"7u79-2.5.5-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jre-lib\", pkgver:\"7u79-2.5.5-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jre-zero\", pkgver:\"7u79-2.5.5-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-source\", pkgver:\"7u79-2.5.5-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"icedtea-7-jre-jamvm\", pkgver:\"7u79-2.5.5-0ubuntu0.14.10.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"openjdk-7-demo\", pkgver:\"7u79-2.5.5-0ubuntu0.14.10.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"openjdk-7-doc\", pkgver:\"7u79-2.5.5-0ubuntu0.14.10.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"openjdk-7-jdk\", pkgver:\"7u79-2.5.5-0ubuntu0.14.10.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"openjdk-7-jre\", pkgver:\"7u79-2.5.5-0ubuntu0.14.10.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"openjdk-7-jre-headless\", pkgver:\"7u79-2.5.5-0ubuntu0.14.10.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"openjdk-7-jre-lib\", pkgver:\"7u79-2.5.5-0ubuntu0.14.10.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"openjdk-7-jre-zero\", pkgver:\"7u79-2.5.5-0ubuntu0.14.10.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"openjdk-7-source\", pkgver:\"7u79-2.5.5-0ubuntu0.14.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-7-jre-jamvm / openjdk-7-demo / openjdk-7-doc / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-02T15:26:02", "references": ["https://usn.ubuntu.com/2573-1/"], "pluginID": "82991", "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469)\n\nAlexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480)\n\nFlorian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478)\n\nA vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this expose sensitive data over the network. (CVE-2015-0477)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2015-0488).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2015-04-22T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2573-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk", "p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2573-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82991", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2573-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82991);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_bugtraq_id(74072, 74097, 74104, 74111, 74119, 74147);\n script_xref(name:\"USN\", value:\"2573-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2573-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive\ndata over the network. (CVE-2015-0460, CVE-2015-0469)\n\nAlexander Cherepanov discovered that OpenJDK JRE was vulnerable to\ndirectory traversal issues with respect to handling jar files. An\nattacker could use this to expose sensitive data. (CVE-2015-0480)\n\nFlorian Weimer discovered that the RSA implementation in the JCE\ncomponent in OpenJDK JRE did not follow recommended practices for\nimplementing RSA signatures. An attacker could use this to expose\nsensitive data. (CVE-2015-0478)\n\nA vulnerability was discovered in the OpenJDK JRE related to data\nintegrity. An attacker could exploit this expose sensitive data over\nthe network. (CVE-2015-0477)\n\nA vulnerability was discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial of\nservice. (CVE-2015-0488).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2573-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b35-1.13.7-1ubuntu0.10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-demo\", pkgver:\"6b35-1.13.7-1ubuntu0.10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-doc\", pkgver:\"6b35-1.13.7-1ubuntu0.10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b35-1.13.7-1ubuntu0.10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b35-1.13.7-1ubuntu0.10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b35-1.13.7-1ubuntu0.10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b35-1.13.7-1ubuntu0.10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b35-1.13.7-1ubuntu0.10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-source\", pkgver:\"6b35-1.13.7-1ubuntu0.10.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b35-1.13.7-1ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b35-1.13.7-1ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-demo\", pkgver:\"6b35-1.13.7-1ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-doc\", pkgver:\"6b35-1.13.7-1ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b35-1.13.7-1ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b35-1.13.7-1ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b35-1.13.7-1ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b35-1.13.7-1ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b35-1.13.7-1ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-source\", pkgver:\"6b35-1.13.7-1ubuntu0.12.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea-6-jre-jamvm / openjdk-6-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:01:28", "references": ["http://advisories.mageia.org/MGASA-2015-0158.html"], "pluginID": "83104", "description": "Updated java-1.7.0 packages fix security vulnerabilities :\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions (CVE-2015-0469).\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions (CVE-2015-0460).\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly (CVE-2015-0488).\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions (CVE-2015-0477).\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted (CVE-2005-1080, CVE-2015-0480).\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures (CVE-2015-0478).", "edition": 5, "reporter": "Tenable", "published": "2015-04-28T00:00:00", "title": "Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2015:212)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:java-1.7.0-openjdk", "p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-headless", "p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-src", "p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-javadoc"], "id": "MANDRIVA_MDVSA-2015-212.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83104", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:212. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83104);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_bugtraq_id(13083, 74072, 74097, 74104, 74111, 74119, 74147);\n script_xref(name:\"MDVSA\", value:\"2015:212\");\n\n script_name(english:\"Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2015:212)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0 packages fix security vulnerabilities :\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the\nfont parsing code in the 2D component in OpenJDK. A specially crafted\nfont file could possibly cause the Java Virtual Machine to execute\narbitrary code, allowing an untrusted Java application or applet to\nbypass Java sandbox restrictions (CVE-2015-0469).\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions\n(CVE-2015-0460).\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE\nto raise an exception, possibly causing an application using JSSE to\nexit unexpectedly (CVE-2015-0488).\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use this flaw to bypass certain Java\nsandbox restrictions (CVE-2015-0477).\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted (CVE-2005-1080, CVE-2015-0480).\n\nIt was found that the RSA implementation in the JCE component in\nOpenJDK did not follow recommended practices for implementing RSA\nsignatures (CVE-2015-0478).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0158.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.65-2.5.5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.65-2.5.5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.65-2.5.5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.65-2.5.5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.65-2.5.5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.65-2.5.5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.65-2.5.5.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-11T13:05:30", "references": ["http://www.nessus.org/u?fcc627aa", "http://www.nessus.org/u?2107eaa9"], "pluginID": "82804", "description": "Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488)\n\nMultiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2015-04-16T00:00:00", "title": "CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:0809)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.8.0-openjdk"], "id": "CENTOS_RHSA-2015-0809.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82804", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0809 and \n# CentOS Errata and Security Advisory 2015:0809 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82804);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0470\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_bugtraq_id(13083, 74072, 74097, 74104, 74111, 74119, 74147, 74149);\n script_xref(name:\"RHSA\", value:\"2015:0809\");\n\n script_name(english:\"CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:0809)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.8.0-openjdk packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the\nfont parsing code in the 2D component in OpenJDK. A specially crafted\nfont file could possibly cause the Java Virtual Machine to execute\narbitrary code, allowing an untrusted Java application or applet to\nbypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE\nto raise an exception, possibly causing an application using JSSE to\nexit unexpectedly. (CVE-2015-0488)\n\nMultiple flaws were discovered in the Beans and Hotspot components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2015-0477,\nCVE-2015-0470)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in\nOpenJDK did not follow recommended practices for implementing RSA\nsignatures. (CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.8.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-April/021067.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2107eaa9\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-April/021070.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fcc627aa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.45-28.b13.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.45-30.b13.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T17:09:29", "references": ["https://access.redhat.com/security/cve/cve-2015-0469", "https://access.redhat.com/security/cve/cve-2015-0480", "https://access.redhat.com/security/cve/cve-2015-0460", "https://access.redhat.com/security/cve/cve-2015-0478", "https://access.redhat.com/security/cve/cve-2015-0470", "https://access.redhat.com/security/cve/cve-2015-0477", "https://access.redhat.com/errata/RHSA-2015:0809", "https://access.redhat.com/security/cve/cve-2005-1080", "https://access.redhat.com/security/cve/cve-2015-0488"], "pluginID": "82811", "description": "Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488)\n\nMultiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 9, "reporter": "Tenable", "published": "2015-04-16T00:00:00", "title": "RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2015:0809)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:7.1", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk"], "id": "REDHAT-RHSA-2015-0809.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82811", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0809. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82811);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0470\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_bugtraq_id(13083, 74072, 74097, 74104, 74111, 74119, 74147, 74149);\n script_xref(name:\"RHSA\", value:\"2015:0809\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2015:0809)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.8.0-openjdk packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the\nfont parsing code in the 2D component in OpenJDK. A specially crafted\nfont file could possibly cause the Java Virtual Machine to execute\narbitrary code, allowing an untrusted Java application or applet to\nbypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE\nto raise an exception, possibly causing an application using JSSE to\nexit unexpectedly. (CVE-2015-0488)\n\nMultiple flaws were discovered in the Beans and Hotspot components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2015-0477,\nCVE-2015-0470)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in\nOpenJDK did not follow recommended practices for implementing RSA\nsignatures. (CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.8.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0470\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0809\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.45-28.b13.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:46:04", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-April/005003.html"], "pluginID": "82808", "description": "From Red Hat Security Advisory 2015:0807 :\n\nUpdated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2015-04-16T00:00:00", "title": "Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2015-0807)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk"], "id": "ORACLELINUX_ELSA-2015-0807.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82808", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0807 and \n# Oracle Linux Security Advisory ELSA-2015-0807 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82808);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_xref(name:\"RHSA\", value:\"2015:0807\");\n\n script_name(english:\"Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2015-0807)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0807 :\n\nUpdated java-1.7.0-openjdk packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the\nfont parsing code in the 2D component in OpenJDK. A specially crafted\nfont file could possibly cause the Java Virtual Machine to execute\narbitrary code, allowing an untrusted Java application or applet to\nbypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE\nto raise an exception, possibly causing an application using JSSE to\nexit unexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use this flaw to bypass certain Java\nsandbox restrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in\nOpenJDK did not follow recommended practices for implementing RSA\nsignatures. (CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005003.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/16\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-1.7.0.79-2.5.5.2.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.2.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.2.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.2.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-src-1.7.0.79-2.5.5.2.0.1.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:41:39", "references": ["http://www.nessus.org/u?c0a3e831"], "pluginID": "82815", "description": "An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2015-04-16T00:00:00", "title": "Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/srpm/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-20T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150415_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82815", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82815);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/04/20 14:02:08 $\");\n\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/srpm/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An off-by-one flaw, leading to a buffer overflow, was found in the\nfont parsing code in the 2D component in OpenJDK. A specially crafted\nfont file could possibly cause the Java Virtual Machine to execute\narbitrary code, allowing an untrusted Java application or applet to\nbypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE\nto raise an exception, possibly causing an application using JSSE to\nexit unexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use this flaw to bypass certain Java\nsandbox restrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in\nOpenJDK did not follow recommended practices for implementing RSA\nsignatures. (CVE-2015-0478)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1504&L=scientific-linux-errata&T=0&P=1481\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0a3e831\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:53:11", "references": ["https://access.redhat.com/security/cve/cve-2015-0469", "https://access.redhat.com/security/cve/cve-2015-0480", "https://access.redhat.com/security/cve/cve-2015-0460", "https://access.redhat.com/security/cve/cve-2015-0478", "https://access.redhat.com/errata/RHSA-2015:0806", "https://access.redhat.com/security/cve/cve-2015-0477", "https://access.redhat.com/security/cve/cve-2005-1080", "https://access.redhat.com/security/cve/cve-2015-0488"], "pluginID": "82809", "description": "Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 9, "reporter": "Tenable", "published": "2015-04-16T00:00:00", "title": "RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2015:0806)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.2", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"], "id": "REDHAT-RHSA-2015-0806.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82809", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0806. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82809);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_bugtraq_id(13083, 74072, 74097, 74104, 74111, 74119, 74147);\n script_xref(name:\"RHSA\", value:\"2015:0806\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2015:0806)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the\nfont parsing code in the 2D component in OpenJDK. A specially crafted\nfont file could possibly cause the Java Virtual Machine to execute\narbitrary code, allowing an untrusted Java application or applet to\nbypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE\nto raise an exception, possibly causing an application using JSSE to\nexit unexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use this flaw to bypass certain Java\nsandbox restrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in\nOpenJDK did not follow recommended practices for implementing RSA\nsignatures. (CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0488\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0806\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:36:11", "references": ["https://alas.aws.amazon.com/ALAS-2015-515.html"], "pluginID": "83058", "description": "An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080 , CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)", "edition": 5, "reporter": "Tenable", "published": "2015-04-27T00:00:00", "title": "Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-515)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo"], "id": "ALA_ALAS-2015-515.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83058", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-515.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83058);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_xref(name:\"ALAS\", value:\"2015-515\");\n script_xref(name:\"RHSA\", value:\"2015:0808\");\n\n script_name(english:\"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-515)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An off-by-one flaw, leading to a buffer overflow, was found in the\nfont parsing code in the 2D component in OpenJDK. A specially crafted\nfont file could possibly cause the Java Virtual Machine to execute\narbitrary code, allowing an untrusted Java application or applet to\nbypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE\nto raise an exception, possibly causing an application using JSSE to\nexit unexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use this flaw to bypass certain Java\nsandbox restrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted. (CVE-2005-1080 , CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in\nOpenJDK did not follow recommended practices for implementing RSA\nsignatures. (CVE-2015-0478)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-515.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.6.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-1.6.0.35-1.13.7.1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.70.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:36:57", "references": ["http://www.nessus.org/u?ac0ec140"], "pluginID": "82814", "description": "An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2015-04-16T00:00:00", "title": "Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-20T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150415_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82814", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82814);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/04/20 14:02:08 $\");\n\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An off-by-one flaw, leading to a buffer overflow, was found in the\nfont parsing code in the 2D component in OpenJDK. A specially crafted\nfont file could possibly cause the Java Virtual Machine to execute\narbitrary code, allowing an untrusted Java application or applet to\nbypass Java sandbox restrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE\nto raise an exception, possibly causing an application using JSSE to\nexit unexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use this flaw to bypass certain Java\nsandbox restrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in\nOpenJDK did not follow recommended practices for implementing RSA\nsignatures. (CVE-2015-0478)\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1504&L=scientific-linux-errata&T=0&P=1343\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac0ec140\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.2.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.2.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.2.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.2.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.7.0-openjdk-src-1.7.0.79-2.5.5.2.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-11-19T13:01:46", "references": ["2573-1", "http://www.ubuntu.com/usn/usn-2573-1/"], "pluginID": "1361412562310842174", "description": "The remote host is missing an update for the ", "edition": 9, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-22T00:00:00", "title": "Ubuntu Update for openjdk-6 USN-2573-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310842174", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842174", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openjdk-6 USN-2573-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842174\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-22 07:24:03 +0200 (Wed, 22 Apr 2015)\");\n script_cve_id(\"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0480\", \"CVE-2015-0478\",\n \"CVE-2015-0477\", \"CVE-2015-0488\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openjdk-6 USN-2573-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-6'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered\nin the OpenJDK JRE related to information disclosure, data integrity and\navailability. An attacker could exploit these to cause a denial of service or\nexpose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469)\n\nAlexander Cherepanov discovered that OpenJDK JRE was vulnerable to\ndirectory traversal issues with respect to handling jar files. An\nattacker could use this to expose sensitive data. (CVE-2015-0480)\n\nFlorian Weimer discovered that the RSA implementation in the JCE\ncomponent in OpenJDK JRE did not follow recommended practices for\nimplementing RSA signatures. An attacker could use this to expose\nsensitive data. (CVE-2015-0478)\n\nA vulnerability was discovered in the OpenJDK JRE related to data\nintegrity. An attacker could exploit this expose sensitive data over\nthe network. (CVE-2015-0477)\n\nA vulnerability was discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial\nof service. (CVE-2015-0488)\");\n script_tag(name:\"affected\", value:\"openjdk-6 on Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2573-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2573-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|10\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b35-1.13.7-1ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b35-1.13.7-1ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b35-1.13.7-1ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b35-1.13.7-1ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b35-1.13.7-1ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b35-1.13.7-1ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b35-1.13.7-1ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b35-1.13.7-1ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b35-1.13.7-1ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b35-1.13.7-1ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b35-1.13.7-1ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b35-1.13.7-1ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b35-1.13.7-1ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b35-1.13.7-1ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b35-1.13.7-1ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b35-1.13.7-1ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b35-1.13.7-1ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b35-1.13.7-1ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b35-1.13.7-1ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:01:26", "references": ["2574-1", "http://www.ubuntu.com/usn/usn-2574-1/"], "pluginID": "1361412562310842172", "description": "The remote host is missing an update for the ", "edition": 9, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-22T00:00:00", "title": "Ubuntu Update for openjdk-7 USN-2574-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310842172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842172", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openjdk-7 USN-2574-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842172\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-22 07:23:01 +0200 (Wed, 22 Apr 2015)\");\n script_cve_id(\"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0480\", \"CVE-2015-0478\",\n \"CVE-2015-0477\", \"CVE-2015-0488\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openjdk-7 USN-2574-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered\nin the OpenJDK JRE related to information disclosure, data integrity and\navailability. An attacker could exploit these to cause a denial of service\nor expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469)\n\nAlexander Cherepanov discovered that OpenJDK JRE was vulnerable to\ndirectory traversal issues with respect to handling jar files. An\nattacker could use this to expose sensitive data. (CVE-2015-0480)\n\nFlorian Weimer discovered that the RSA implementation in the JCE\ncomponent in OpenJDK JRE did not follow recommended practices for\nimplementing RSA signatures. An attacker could use this to expose\nsensitive data. (CVE-2015-0478)\n\nA vulnerability was discovered in the OpenJDK JRE related to data\nintegrity. An attacker could exploit this expose sensitive data over\nthe network. (CVE-2015-0477)\n\nA vulnerability was discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial\nof service. (CVE-2015-0488)\");\n script_tag(name:\"affected\", value:\"openjdk-7 on Ubuntu 14.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2574-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2574-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-demo\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-doc\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-demo\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-doc\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:26", "references": ["2015:0807", "http://lists.centos.org/pipermail/centos-announce/2015-April/021075.html"], "pluginID": "1361412562310882166", "description": "Check the version of java", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-16T00:00:00", "title": "CentOS Update for java CESA-2015:0807 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882166", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882166", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2015:0807 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882166\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-16 07:03:08 +0200 (Thu, 16 Apr 2015)\");\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \n \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2015:0807 centos5 \");\n script_tag(name: \"summary\", value: \"Check the version of java\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the\n help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The java-1.7.0-openjdk packages provide\n the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\");\n script_tag(name: \"affected\", value: \"java on CentOS 5\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0807\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-April/021075.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.79~2.5.5.2.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.79~2.5.5.2.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.79~2.5.5.2.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.79~2.5.5.2.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.79~2.5.5.2.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:50:39", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-April/021068.html", "2015:0808"], "pluginID": "1361412562310882170", "description": "Check the version of java", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-16T00:00:00", "title": "CentOS Update for java CESA-2015:0808 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2015:0808 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882170\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-16 07:05:24 +0200 (Thu, 16 Apr 2015)\");\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\",\n \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2015:0808 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of java\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\");\n script_tag(name: \"affected\", value: \"java on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0808\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-April/021068.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.35~1.13.7.1.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.35~1.13.7.1.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.35~1.13.7.1.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.35~1.13.7.1.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-penjdk-src~1.6.0.35~1.13.7.1.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:31", "references": ["http://linux.oracle.com/errata/ELSA-2015-0809.html"], "pluginID": "1361412562310123132", "description": "Oracle Linux Local Security Checks ELSA-2015-0809", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2015-0809", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123132", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123132", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0809.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123132\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:45 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0809\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0809\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0809.html\");\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\", \"CVE-2015-0470\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.45~30.b13.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-accessibility\", rpm:\"java-1.8.0-openjdk-accessibility~1.8.0.45~30.b13.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java-1.8.0-openjdk-demo~1.8.0.45~30.b13.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.45~30.b13.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.45~30.b13.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java-1.8.0-openjdk-javadoc~1.8.0.45~30.b13.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java-1.8.0-openjdk-src~1.8.0.45~30.b13.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.45~28.b13.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java-1.8.0-openjdk-demo~1.8.0.45~28.b13.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.45~28.b13.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.45~28.b13.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java-1.8.0-openjdk-javadoc~1.8.0.45~28.b13.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java-1.8.0-openjdk-src~1.8.0.45~28.b13.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T14:31:42", "references": ["https://alas.aws.amazon.com/ALAS-2015-516.html"], "pluginID": "1361412562310120533", "description": "Amazon Linux Local Security Checks", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: alas-2015-516", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120533", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120533", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-516.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120533\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:28:48 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2015-516\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenJDK. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update java-1.7.0-openjdk to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-516.html\");\n script_cve_id(\"CVE-2015-0469\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0477\", \"CVE-2015-0488\", \"CVE-2005-1080\", \"CVE-2015-0460\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.79~2.5.5.1.59.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.79~2.5.5.1.59.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.79~2.5.5.1.59.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.79~2.5.5.1.59.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.79~2.5.5.1.59.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.79~2.5.5.1.59.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T14:30:20", "references": ["https://alas.aws.amazon.com/ALAS-2015-515.html"], "pluginID": "1361412562310120532", "description": "Amazon Linux Local Security Checks", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: alas-2015-515", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120532", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120532", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-515.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120532\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:28:45 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2015-515\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenJDK. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update java-1.6.0-openjdk to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-515.html\");\n script_cve_id(\"CVE-2015-0469\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0477\", \"CVE-2015-0488\", \"CVE-2005-1080\", \"CVE-2015-0460\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.35~1.13.7.1.70.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.35~1.13.7.1.70.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.35~1.13.7.1.70.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.35~1.13.7.1.70.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.35~1.13.7.1.70.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.35~1.13.7.1.70.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:22", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-April/021069.html", "2015:0806"], "pluginID": "1361412562310882167", "description": "Check the version of java", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-16T00:00:00", "title": "CentOS Update for java CESA-2015:0806 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882167", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882167", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2015:0806 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882167\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-16 07:03:47 +0200 (Thu, 16 Apr 2015)\");\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\",\n \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2015:0806 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of java\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the \n help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The java-1.7.0-openjdk packages provide\n the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\");\n script_tag(name: \"affected\", value: \"java on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0806\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-April/021069.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.79~2.5.5.1.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.79~2.5.5.1.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.79~2.5.5.1.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.79~2.5.5.1.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.79~2.5.5.1.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:12", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-April/021067.html", "2015:0809"], "pluginID": "1361412562310882171", "description": "Check the version of java", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-16T00:00:00", "title": "CentOS Update for java CESA-2015:0809 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882171", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882171", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2015:0809 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882171\");\n script_version(\"$Revision: 6657 $\");\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0470\",\n \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-16 07:05:32 +0200 (Thu, 16 Apr 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2015:0809 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of java\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The java-1.8.0-openjdk packages provide the\nOpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nMultiple flaws were discovered in the Beans and Hotspot components in\nOpenJDK. An untrusted Java application or applet could use these flaws to\nbypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.8.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\");\n script_tag(name: \"affected\", value: \"java on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0809\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-April/021067.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"java~1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.45~30.b13.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java~1.8.0-openjdk-accessibility\", rpm:\"java-1.8.0-openjdk-accessibility~1.8.0.45~30.b13.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.8.0.45~30.b13.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.45~30.b13.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.45~30.b13.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java-1.8.0-openjdk-javadoc~1.8.0.45~30.b13.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java-1.8.0-openjdk-src~1.8.0.45~30.b13.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:13:07", "references": ["https://www.redhat.com/archives/rhsa-announce/2015-April/msg00020.html", "2015:0807-01"], "pluginID": "1361412562310871356", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-16T00:00:00", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2015:0807-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871356", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871356", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2015:0807-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871356\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-16 07:00:48 +0200 (Thu, 16 Apr 2015)\");\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\",\n \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2015:0807-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\");\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0807-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-April/msg00020.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.79~2.5.5.2.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.79~2.5.5.2.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.79~2.5.5.2.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.79~2.5.5.2.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.79~2.5.5.2.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.79~2.5.5.2.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:46:29", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.0.1.el5_11", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.0.1.el5_11.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.0.1.el5_11", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.0.1.el5_11.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.0.1.el5_11", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.0.1.el5_11.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.0.1.el5_11", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.0.1.el5_11.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.0.1.el5_11", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.0.1.el5_11.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.0.1.el5_11", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.0.1.el5_11.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.0.1.el5_11", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.0.1.el5_11.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.0.1.el5_11", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.0.1.el5_11.i386.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.0.1.el5_11", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.0.1.el5_11.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.0.1.el5_11", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.0.1.el5_11.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.0.1.el5_11", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.0.1.el5_11.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.0.1.el5_11", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.0.1.el5_11.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}], "description": "[1:1.6.0.35-1.13.7.1]\n- Repackaged source files\n- Resolves: rhbz#1209067\n[1:1.6.0.35-1.13.7.0]\n- Update to IcedTea 1.13.7\n- Regenerate add-final-location-rpaths patch so as to be less disruptive.\n- Resolves: rhbz#1209067", "edition": 3, "reporter": "Oracle", "published": "2015-04-15T00:00:00", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-15T00:00:00", "id": "ELSA-2015-0808", "href": "http://linux.oracle.com/errata/ELSA-2015-0808.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:41:03", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.0.1.el5_11", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.2.0.1.el5_11.i386.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.0.1.el5_11", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.2.0.1.el5_11.i386.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.0.1.el5_11", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.2.0.1.el5_11.i386.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.0.1.el5_11", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.2.0.1.el5_11.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.0.1.el5_11", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.2.0.1.el5_11.x86_64.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.0.1.el5_11", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.2.0.1.el5_11.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.0.1.el5_11", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.2.0.1.el5_11.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.0.1.el5_11", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.2.0.1.el5_11.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.0.1.el5_11", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.2.0.1.el5_11.i386.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.0.1.el5_11", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.2.0.1.el5_11.i386.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.0.1.el5_11", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.2.0.1.el5_11.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.0.1.el5_11", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.2.0.1.el5_11.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}], "description": "[1:1.7.0.75-2.5.5.1.0.1.el5_11]\n- Add oracle-enterprise.patch\n- Fix DISTRO_NAME to 'Oracle Linux'\n[1:1.7.0.75-2.5.5.1]\n- Repacked sources\n- Resolves: rhbz#1209069\n[1:1.7.0.79-2.5.5.0]\n- Bump to 2.5.5 using OpenJDK 7u79 b14.\n- Resolves: rhbz#1209069", "edition": 3, "reporter": "Oracle", "published": "2015-04-15T00:00:00", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-15T00:00:00", "id": "ELSA-2015-0807", "href": "http://linux.oracle.com/errata/ELSA-2015-0807.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:45:59", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el6_6", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.0.1.el6_6.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el7_1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.0.1.el7_1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-headless", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el6_6", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.0.1.el6_6.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el7_1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.0.1.el7_1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el6_6", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.0.1.el6_6.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el7_1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.0.1.el7_1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-accessibility", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el6_6", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.0.1.el6_6.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el6_6", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.0.1.el6_6.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el6_6", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.0.1.el6_6.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el6_6", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.0.1.el6_6.i686.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el7_1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.0.1.el7_1.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el7_1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.0.1.el7_1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el7_1", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.0.1.el7_1.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el6_6", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.0.1.el6_6.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el6_6", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.0.1.el6_6.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el6_6", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.0.1.el6_6.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el7_1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.0.1.el7_1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el7_1", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.0.1.el7_1.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el6_6", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.0.1.el6_6.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.0.1.el6_6", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.0.1.el6_6.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}], "description": "[1:1.7.0.75-2.5.5.1.0.1.el7_1]\n- Update DISTRO_NAME in specfile\n[1:1.7.0.75-2.5.5.1]\n- repacked sources\n- Resolves: rhbz#1209072\n[1:1.7.0.75-2.5.5.0]\n- Bump to 2.5.5 using OpenJDK 7u79 b14.\n- Update OpenJDK tarball creation comments\n- Remove test case for RH1191652 now fix has been verified.\n- Drop AArch64 version of RH1191652 HotSpot patch as included upstream.\n- Resolves: rhbz#1209072", "edition": 3, "reporter": "Oracle", "published": "2015-04-15T00:00:00", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-15T00:00:00", "id": "ELSA-2015-0806", "href": "http://linux.oracle.com/errata/ELSA-2015-0806.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:43:40", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1.x86_64.rpm", "packageName": "java-1.8.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageFilename": "java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6.i686.rpm", "packageName": "java-1.8.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.x86_64.rpm", "packageName": "java-1.8.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1.x86_64.rpm", "packageName": "java-1.8.0-openjdk-headless", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageFilename": "java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6.i686.rpm", "packageName": "java-1.8.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.i686.rpm", "packageName": "java-1.8.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "src", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.src.rpm", "packageName": "java-1.8.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "noarch", "packageFilename": "java-1.8.0-openjdk-javadoc-1.8.0.45-28.b13.el6_6.noarch.rpm", "packageName": "java-1.8.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "noarch", "packageFilename": "java-1.8.0-openjdk-javadoc-1.8.0.45-28.b13.el6_6.noarch.rpm", "packageName": "java-1.8.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "src", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.src.rpm", "packageName": "java-1.8.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "src", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.src.rpm", "packageName": "java-1.8.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1.x86_64.rpm", "packageName": "java-1.8.0-openjdk-accessibility", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1.x86_64.rpm", "packageName": "java-1.8.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "noarch", "packageFilename": "java-1.8.0-openjdk-javadoc-1.8.0.45-30.b13.el7_1.noarch.rpm", "packageName": "java-1.8.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6.x86_64.rpm", "packageName": "java-1.8.0-openjdk-headless", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6.x86_64.rpm", "packageName": "java-1.8.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6.x86_64.rpm", "packageName": "java-1.8.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.x86_64.rpm", "packageName": "java-1.8.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageFilename": "java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6.i686.rpm", "packageName": "java-1.8.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1.x86_64.rpm", "packageName": "java-1.8.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageFilename": "java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6.i686.rpm", "packageName": "java-1.8.0-openjdk-headless", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6.x86_64.rpm", "packageName": "java-1.8.0-openjdk-demo", "operator": "lt"}], "description": "[1:1.8.0.45-30.b13]\n- repacked sources\n- Resolves: RHBZ#1209076\n[1:1.8.0.45-7.b13]\n- Re-add %{name} prefix to patches to avoid conflicts with OpenJDK 7 versions.\n- Remove ppc64le test case now fix has been verified.\n- Resolves: rhbz#1194378\n[1:1.8.0.45-27.b13]\n- updated to security u45\n- minor sync with 7.2\n - generate_source_tarball.sh\n - adapted java-1.8.0-openjdk-s390-java-opts.patch and java-1.8.0-openjdk-size_t.patch\n - reworked (synced) zero patches (removed 103,11 added 204, 400-403)\n - family of 5XX patches renamed to 6XX\n - added upstreamed patch 501 and 505\n - included removeSunEcProvider-RH1154143.patch\n- returned java (jre only) provides\n- repacked policies (source20)\n- removed duplicated NVR provides\n- added automated test for priority (length7)\n- Resolves: RHBZ#1209076", "edition": 3, "reporter": "Oracle", "published": "2015-04-15T00:00:00", "title": "java-1.8.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2015-04-15T00:00:00", "id": "ELSA-2015-0809", "href": "http://linux.oracle.com/errata/ELSA-2015-0809.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-06-06T18:05:46", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "src", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "noarch", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el6_6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "noarch", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el7_1.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-accessibility", "packageFilename": "java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-headless", "packageFilename": "java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "ppc64", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "ppc64", "packageName": "java-1.7.0-openjdk-accessibility", "packageFilename": "java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "ppc64", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "ppc64", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "ppc64", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "ppc64", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "ppc64", "packageName": "java-1.7.0-openjdk-headless", "packageFilename": "java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "s390x", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "s390x", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "s390x", "packageName": "java-1.7.0-openjdk-accessibility", "packageFilename": "java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "s390x", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "s390x", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "s390x", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "s390x", "packageName": "java-1.7.0-openjdk-headless", "packageFilename": "java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1.s390x.rpm", "operator": "lt"}], "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2015-04-14T04:00:00", "type": "redhat", "title": "(RHSA-2015:0806) Critical: java-1.7.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:13", "id": "RHSA-2015:0806", "href": "https://access.redhat.com/errata/RHSA-2015:0806", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-06T18:04:56", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageName": "java-1.8.0-openjdk-debuginfo", "packageFilename": "java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "src", "packageName": "java-1.8.0-openjdk", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-debuginfo", "packageFilename": "java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageName": "java-1.8.0-openjdk-src", "packageFilename": "java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageName": "java-1.8.0-openjdk-devel", "packageFilename": "java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "noarch", "packageName": "java-1.8.0-openjdk-javadoc", "packageFilename": "java-1.8.0-openjdk-javadoc-1.8.0.45-28.b13.el6_6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageName": "java-1.8.0-openjdk-demo", "packageFilename": "java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-src", "packageFilename": "java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-devel", "packageFilename": "java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-demo", "packageFilename": "java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageName": "java-1.8.0-openjdk", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageName": "java-1.8.0-openjdk-headless", "packageFilename": "java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageName": "java-1.8.0-openjdk", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-headless", "packageFilename": "java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-debuginfo", "packageFilename": "java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-devel", "packageFilename": "java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "noarch", "packageName": "java-1.8.0-openjdk-javadoc", "packageFilename": "java-1.8.0-openjdk-javadoc-1.8.0.45-30.b13.el7_1.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-demo", "packageFilename": "java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-src", "packageFilename": "java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-accessibility", "packageFilename": "java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageName": "java-1.8.0-openjdk", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-headless", "packageFilename": "java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "ppc64", "packageName": "java-1.8.0-openjdk-debuginfo", "packageFilename": "java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "ppc64", "packageName": "java-1.8.0-openjdk-demo", "packageFilename": "java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "ppc64", "packageName": "java-1.8.0-openjdk-src", "packageFilename": "java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "ppc64", "packageName": "java-1.8.0-openjdk-accessibility", "packageFilename": "java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "ppc64", "packageName": "java-1.8.0-openjdk", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "ppc64", "packageName": "java-1.8.0-openjdk-devel", "packageFilename": "java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "ppc64", "packageName": "java-1.8.0-openjdk-headless", "packageFilename": "java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "s390x", "packageName": "java-1.8.0-openjdk-debuginfo", "packageFilename": "java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "s390x", "packageName": "java-1.8.0-openjdk-src", "packageFilename": "java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "s390x", "packageName": "java-1.8.0-openjdk-demo", "packageFilename": "java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "s390x", "packageName": "java-1.8.0-openjdk-accessibility", "packageFilename": "java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "s390x", "packageName": "java-1.8.0-openjdk", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "s390x", "packageName": "java-1.8.0-openjdk-headless", "packageFilename": "java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "s390x", "packageName": "java-1.8.0-openjdk-devel", "packageFilename": "java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1.s390x.rpm", "operator": "lt"}], "description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nMultiple flaws were discovered in the Beans and Hotspot components in\nOpenJDK. An untrusted Java application or applet could use these flaws to\nbypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.8.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2015-04-14T04:00:00", "type": "redhat", "title": "(RHSA-2015:0809) Important: java-1.8.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0470", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:37", "id": "RHSA-2015:0809", "href": "https://access.redhat.com/errata/RHSA-2015:0809", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-12T21:09:36", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "arch": "i386", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "arch": "src", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "arch": "i386", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "arch": "i386", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "arch": "i386", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "arch": "i386", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "arch": "i386", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "arch": "x86_64", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "i686", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "src", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "i686", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "i686", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "i686", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "i686", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "i686", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "x86_64", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "ppc64", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "ppc64", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "ppc64", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "ppc64", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "ppc64", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "ppc64", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "s390x", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "s390x", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "s390x", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "s390x", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "s390x", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "arch": "s390x", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1.s390x.rpm", "operator": "lt"}], "description": "The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2015-04-14T04:00:00", "type": "redhat", "title": "(RHSA-2015:0808) Important: java-1.6.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:28", "id": "RHSA-2015:0808", "href": "https://access.redhat.com/errata/RHSA-2015:0808", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:20:39", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.2.el5_11.i386.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el5_11.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.2.el5_11.i386.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el5_11.i386.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.2.el5_11.i386.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.2.el5_11.i386.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.2.el5_11.i386.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}], "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2015-04-14T04:00:00", "type": "redhat", "title": "(RHSA-2015:0807) Important: java-1.7.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:51:48", "id": "RHSA-2015:0807", "href": "https://access.redhat.com/errata/RHSA-2015:0807", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-07T16:11:45", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.95-1jpp.3.el5_11", "arch": "i586", "packageName": "java-1.6.0-sun", "packageFilename": "java-1.6.0-sun-1.6.0.95-1jpp.3.el5_11.i586.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.95-1jpp.3.el5_11", "arch": "x86_64", "packageName": "java-1.6.0-sun", "packageFilename": "java-1.6.0-sun-1.6.0.95-1jpp.3.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.95-1jpp.3.el6_6", "arch": "i686", "packageName": "java-1.6.0-sun", "packageFilename": "java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.95-1jpp.3.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-sun", "packageFilename": "java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.95-1jpp.3.el7_1", "arch": "i686", "packageName": "java-1.6.0-sun", "packageFilename": "java-1.6.0-sun-1.6.0.95-1jpp.3.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.95-1jpp.3.el7_1", "arch": "x86_64", "packageName": "java-1.6.0-sun", "packageFilename": "java-1.6.0-sun-1.6.0.95-1jpp.3.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.95-1jpp.3.el5_11", "arch": "i586", "packageName": "java-1.6.0-sun-demo", "packageFilename": "java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el5_11.i586.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.95-1jpp.3.el5_11", "arch": "x86_64", "packageName": "java-1.6.0-sun-demo", "packageFilename": "java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.95-1jpp.3.el6_6", "arch": "i686", "packageName": "java-1.6.0-sun-demo", "packageFilename": "java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.95-1jpp.3.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-sun-demo", "packageFilename": "java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.95-1jpp.3.el7_1", "arch": "x86_64", "packageName": "java-1.6.0-sun-demo", "packageFilename": "java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.95-1jpp.3.el5_11", "arch": "i586", "packageName": "java-1.6.0-sun-devel", "packageFilename": "java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el5_11.i586.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.95-1jpp.3.el5_11", "arch": "x86_64", "packageName": "java-1.6.0-sun-devel", "packageFilename": "java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.95-1jpp.3.el6_6", "arch": "i686", "packageName": "java-1.6.0-sun-devel", "packageFilename": "java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.95-1jpp.3.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-sun-devel", "packageFilename": "java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.95-1jpp.3.el7_1", "arch": "i686", "packageName": "java-1.6.0-sun-devel", "packageFilename": "java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.95-1jpp.3.el7_1", "arch": "x86_64", "packageName": "java-1.6.0-sun-devel", "packageFilename": "java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.95-1jpp.3.el5_11", "arch": "i586", "packageName": "java-1.6.0-sun-jdbc", "packageFilename": "java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el5_11.i586.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.95-1jpp.3.el5_11", "arch": "x86_64", "packageName": "java-1.6.0-sun-jdbc", "packageFilename": "java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.95-1jpp.3.el6_6", "arch": "i686", "packageName": "java-1.6.0-sun-jdbc", "packageFilename": "java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.95-1jpp.3.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-sun-jdbc", "packageFilename": "java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.95-1jpp.3.el7_1", "arch": "x86_64", "packageName": "java-1.6.0-sun-jdbc", "packageFilename": "java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.95-1jpp.3.el5_11", "arch": "i586", "packageName": "java-1.6.0-sun-plugin", "packageFilename": "java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el5_11.i586.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.95-1jpp.3.el5_11", "arch": "x86_64", "packageName": "java-1.6.0-sun-plugin", "packageFilename": "java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.95-1jpp.3.el6_6", "arch": "i686", "packageName": "java-1.6.0-sun-plugin", "packageFilename": "java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.95-1jpp.3.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-sun-plugin", "packageFilename": "java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.95-1jpp.3.el7_1", "arch": "x86_64", "packageName": "java-1.6.0-sun-plugin", "packageFilename": "java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.95-1jpp.3.el5_11", "arch": "i586", "packageName": "java-1.6.0-sun-src", "packageFilename": "java-1.6.0-sun-src-1.6.0.95-1jpp.3.el5_11.i586.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.95-1jpp.3.el5_11", "arch": "x86_64", "packageName": "java-1.6.0-sun-src", "packageFilename": "java-1.6.0-sun-src-1.6.0.95-1jpp.3.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.95-1jpp.3.el6_6", "arch": "i686", "packageName": "java-1.6.0-sun-src", "packageFilename": "java-1.6.0-sun-src-1.6.0.95-1jpp.3.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.95-1jpp.3.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-sun-src", "packageFilename": "java-1.6.0-sun-src-1.6.0.95-1jpp.3.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.0.95-1jpp.3.el7_1", "arch": "x86_64", "packageName": "java-1.6.0-sun-src", "packageFilename": "java-1.6.0-sun-src-1.6.0.95-1jpp.3.el7_1.x86_64.rpm", "operator": "lt"}], "description": "Oracle Java SE version 6 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469,\nCVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide Oracle Java 6 Update 95 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.", "reporter": "RedHat", "published": "2015-04-20T18:05:19", "type": "redhat", "title": "(RHSA-2015:0858) Important: java-1.6.0-sun security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488", "CVE-2015-0491"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T18:20:32", "id": "RHSA-2015:0858", "href": "https://access.redhat.com/errata/RHSA-2015:0858", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-12T23:59:30", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-1jpp.1.el5_11", "arch": "i586", "packageName": "java-1.7.0-oracle", "packageFilename": "java-1.7.0-oracle-1.7.0.79-1jpp.1.el5_11.i586.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-1jpp.1.el5_11", "arch": "x86_64", "packageName": "java-1.7.0-oracle", "packageFilename": "java-1.7.0-oracle-1.7.0.79-1jpp.1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-1jpp.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-oracle", "packageFilename": "java-1.7.0-oracle-1.7.0.79-1jpp.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-oracle", "packageFilename": "java-1.7.0-oracle-1.7.0.79-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-1jpp.1.el7_1", "arch": "i686", "packageName": "java-1.7.0-oracle", "packageFilename": "java-1.7.0-oracle-1.7.0.79-1jpp.1.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-1jpp.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-oracle", "packageFilename": "java-1.7.0-oracle-1.7.0.79-1jpp.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-1jpp.1.el5_11", "arch": "i586", "packageName": "java-1.7.0-oracle-devel", "packageFilename": "java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el5_11.i586.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-1jpp.1.el5_11", "arch": "x86_64", "packageName": "java-1.7.0-oracle-devel", "packageFilename": "java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-1jpp.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-oracle-devel", "packageFilename": "java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-oracle-devel", "packageFilename": "java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-1jpp.1.el7_1", "arch": "i686", "packageName": "java-1.7.0-oracle-devel", "packageFilename": "java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-1jpp.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-oracle-devel", "packageFilename": "java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-1jpp.1.el5_11", "arch": "i586", "packageName": "java-1.7.0-oracle-javafx", "packageFilename": "java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el5_11.i586.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-1jpp.1.el5_11", "arch": "x86_64", "packageName": "java-1.7.0-oracle-javafx", "packageFilename": "java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-1jpp.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-oracle-javafx", "packageFilename": "java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-oracle-javafx", "packageFilename": "java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-1jpp.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-oracle-javafx", "packageFilename": "java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-1jpp.1.el5_11", "arch": "i586", "packageName": "java-1.7.0-oracle-jdbc", "packageFilename": "java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el5_11.i586.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-1jpp.1.el5_11", "arch": "x86_64", "packageName": "java-1.7.0-oracle-jdbc", "packageFilename": "java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-1jpp.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-oracle-jdbc", "packageFilename": "java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-oracle-jdbc", "packageFilename": "java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-1jpp.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-oracle-jdbc", "packageFilename": "java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-1jpp.1.el5_11", "arch": "i586", "packageName": "java-1.7.0-oracle-plugin", "packageFilename": "java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el5_11.i586.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-1jpp.1.el5_11", "arch": "x86_64", "packageName": "java-1.7.0-oracle-plugin", "packageFilename": "java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-1jpp.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-oracle-plugin", "packageFilename": "java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-oracle-plugin", "packageFilename": "java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-1jpp.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-oracle-plugin", "packageFilename": "java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-1jpp.1.el5_11", "arch": "i586", "packageName": "java-1.7.0-oracle-src", "packageFilename": "java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el5_11.i586.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.79-1jpp.1.el5_11", "arch": "x86_64", "packageName": "java-1.7.0-oracle-src", "packageFilename": "java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-1jpp.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-oracle-src", "packageFilename": "java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.79-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-oracle-src", "packageFilename": "java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.0.79-1jpp.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-oracle-src", "packageFilename": "java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el7_1.x86_64.rpm", "operator": "lt"}], "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469,\nCVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0488,\nCVE-2015-0491, CVE-2015-0492)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 79 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.", "reporter": "RedHat", "published": "2015-04-20T17:52:00", "type": "redhat", "title": "(RHSA-2015:0857) Critical: java-1.7.0-oracle security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0484", "CVE-2015-0488", "CVE-2015-0491", "CVE-2015-0492"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T18:20:33", "id": "RHSA-2015:0857", "href": "https://access.redhat.com/errata/RHSA-2015:0857", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-07T05:57:20", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "x86_64", "packageName": "java-1.7.1-ibm-devel", "packageFilename": "java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "i686", "packageName": "java-1.7.1-ibm-devel", "packageFilename": "java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "x86_64", "packageName": "java-1.7.1-ibm", "packageFilename": "java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "x86_64", "packageName": "java-1.7.1-ibm-jdbc", "packageFilename": "java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "x86_64", "packageName": "java-1.7.1-ibm-demo", "packageFilename": "java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "x86_64", "packageName": "java-1.7.1-ibm-src", "packageFilename": "java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "x86_64", "packageName": "java-1.7.1-ibm-plugin", "packageFilename": "java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "i686", "packageName": "java-1.7.1-ibm", "packageFilename": "java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "i686", "packageName": "java-1.7.1-ibm-demo", "packageFilename": "java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "i686", "packageName": "java-1.7.1-ibm-plugin", "packageFilename": "java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "i686", "packageName": "java-1.7.1-ibm-jdbc", "packageFilename": "java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "i686", "packageName": "java-1.7.1-ibm-src", "packageFilename": "java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "ppc", "packageName": "java-1.7.1-ibm-plugin", "packageFilename": "java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el6_6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "ppc", "packageName": "java-1.7.1-ibm-devel", "packageFilename": "java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "ppc64", "packageName": "java-1.7.1-ibm-jdbc", "packageFilename": "java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "ppc64", "packageName": "java-1.7.1-ibm", "packageFilename": "java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "ppc64", "packageName": "java-1.7.1-ibm-demo", "packageFilename": "java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "ppc", "packageName": "java-1.7.1-ibm", "packageFilename": "java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "ppc64", "packageName": "java-1.7.1-ibm-devel", "packageFilename": "java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "ppc64", "packageName": "java-1.7.1-ibm-src", "packageFilename": "java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "s390x", "packageName": "java-1.7.1-ibm-demo", "packageFilename": "java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "s390x", "packageName": "java-1.7.1-ibm-src", "packageFilename": "java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "s390x", "packageName": "java-1.7.1-ibm-jdbc", "packageFilename": "java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "s390x", "packageName": "java-1.7.1-ibm", "packageFilename": "java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "s390x", "packageName": "java-1.7.1-ibm-devel", "packageFilename": "java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "s390", "packageName": "java-1.7.1-ibm-devel", "packageFilename": "java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1.3.0-1jpp.2.el6_6", "arch": "s390", "packageName": "java-1.7.1-ibm", "packageFilename": "java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "i686", "packageName": "java-1.7.1-ibm", "packageFilename": "java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "x86_64", "packageName": "java-1.7.1-ibm-devel", "packageFilename": "java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "x86_64", "packageName": "java-1.7.1-ibm-src", "packageFilename": "java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "x86_64", "packageName": "java-1.7.1-ibm-jdbc", "packageFilename": "java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "i686", "packageName": "java-1.7.1-ibm-devel", "packageFilename": "java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "x86_64", "packageName": "java-1.7.1-ibm-demo", "packageFilename": "java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "x86_64", "packageName": "java-1.7.1-ibm-plugin", "packageFilename": "java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "x86_64", "packageName": "java-1.7.1-ibm", "packageFilename": "java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "ppc64", "packageName": "java-1.7.1-ibm-jdbc", "packageFilename": "java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "ppc", "packageName": "java-1.7.1-ibm", "packageFilename": "java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "ppc", "packageName": "java-1.7.1-ibm-plugin", "packageFilename": "java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el7_1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "ppc", "packageName": "java-1.7.1-ibm-devel", "packageFilename": "java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "ppc64", "packageName": "java-1.7.1-ibm", "packageFilename": "java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "ppc64", "packageName": "java-1.7.1-ibm-demo", "packageFilename": "java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "ppc64", "packageName": "java-1.7.1-ibm-devel", "packageFilename": "java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "ppc64", "packageName": "java-1.7.1-ibm-src", "packageFilename": "java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "s390x", "packageName": "java-1.7.1-ibm-devel", "packageFilename": "java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "s390x", "packageName": "java-1.7.1-ibm-demo", "packageFilename": "java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "s390", "packageName": "java-1.7.1-ibm", "packageFilename": "java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "s390", "packageName": "java-1.7.1-ibm-devel", "packageFilename": "java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "s390x", "packageName": "java-1.7.1-ibm", "packageFilename": "java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "s390x", "packageName": "java-1.7.1-ibm-src", "packageFilename": "java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1.3.0-1jpp.2.el7_1", "arch": "s390x", "packageName": "java-1.7.1-ibm-jdbc", "packageFilename": "java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el7_1.s390x.rpm", "operator": "lt"}], "description": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment\nand the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Further information\nabout these flaws can be found on the IBM Java Security alerts page, listed\nin the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192,\nCVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478,\nCVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nNote: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites\nby default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla\nbug 1207101, linked to in the References section, for additional details\nabout this change.\n\nAll users of java-1.7.1-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7R1 SR3 release. All running instances\nof IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2015-05-20T04:00:00", "type": "redhat", "title": "(RHSA-2015:1020) Critical: java-1.7.1-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488", "CVE-2015-0491", "CVE-2015-1914", "CVE-2015-2808"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:16", "id": "RHSA-2015:1020", "href": "https://access.redhat.com/errata/RHSA-2015:1020", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-07T05:57:46", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "src", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "src", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "s390x", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "s390x", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm", "operator": "lt"}], "description": "IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Satellite 5. In a typical\noperating environment, these are of low security risk as the runtime is not\nused on untrusted applets. Further information about these flaws can be\nfound on the IBM Java Security alerts page, listed in the References\nsection. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458,\nCVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480,\nCVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nNote: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites\nby default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla\nbug 1207101, linked to from the References section, for additional details\nabout this change.\n\nUsers of Red Hat Satellite 5.6 and 5.7 are advised to upgrade to these\nupdated packages, which contain the IBM Java SE 6 SR16-FP4 release. For\nthis update to take effect, Red Hat Satellite must be restarted\n(\"/usr/sbin/rhn-satellite restart\"), as well as all running instances of\nIBM Java.\n", "reporter": "RedHat", "published": "2015-06-11T04:00:00", "type": "redhat", "title": "(RHSA-2015:1091) Low: Red Hat Satellite IBM Java Runtime security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488", "CVE-2015-0491", "CVE-2015-1914", "CVE-2015-2808"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:02:29", "id": "RHSA-2015:1091", "href": "https://access.redhat.com/errata/RHSA-2015:1091", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:20:11", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-plugin", "packageFilename": "java-1.7.0-ibm-plugin-1.7.0.9.0-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-plugin", "packageFilename": "java-1.7.0-ibm-plugin-1.7.0.9.0-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-plugin", "packageFilename": "java-1.7.0-ibm-plugin-1.7.0.9.0-1jpp.1.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9.0-1jpp.1.el5", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Further information\nabout these flaws can be found on the IBM Java Security alerts page, listed\nin the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192,\nCVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478,\nCVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nNote: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites\nby default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla\nbug 1207101, linked to from the References section, for additional details\nabout this change.\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR9 release. All running instances\nof IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2015-05-13T04:00:00", "type": "redhat", "title": "(RHSA-2015:1007) Critical: java-1.7.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488", "CVE-2015-0491", "CVE-2015-1914", "CVE-2015-2808"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:17:08", "id": "RHSA-2015:1007", "href": "https://access.redhat.com/errata/RHSA-2015:1007", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-12T23:59:50", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.16.4-1jpp.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "i386", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.16.4-1jpp.1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "src", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.16.4-1jpp.1.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "s390", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.16.4-1jpp.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "s390", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "s390", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "s390", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "s390", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.16.4-1jpp.1.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "i686", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "src", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "i686", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "i686", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "i686", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "i686", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "i686", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "i686", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "ppc", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el6_6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "ppc64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "ppc", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "s390", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "s390x", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "s390x", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "s390x", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "s390x", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.16.4-1jpp.1.el6_6", "arch": "s390x", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm", "operator": "lt"}], "description": "IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Further information\nabout these flaws can be found on the IBM Java Security alerts page, listed\nin the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192,\nCVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478,\nCVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nNote: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites\nby default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla\nbug 1207101, linked to from the References section, for additional details\nabout this change.\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR16-FP4 release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2015-05-13T04:00:00", "type": "redhat", "title": "(RHSA-2015:1006) Critical: java-1.6.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488", "CVE-2015-0491", "CVE-2015-1914", "CVE-2015-2808"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:19", "id": "RHSA-2015:1006", "href": "https://access.redhat.com/errata/RHSA-2015:1006", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:37", "references": ["https://access.redhat.com/security/cve/CVE-2015-0470", "https://access.redhat.com/security/cve/CVE-2015-0469", "https://access.redhat.com/security/cve/CVE-2015-0478", "https://access.redhat.com/security/cve/CVE-2015-0460", "https://access.redhat.com/security/cve/CVE-2015-0480", "https://access.redhat.com/security/cve/CVE-2015-0488", "https://access.redhat.com/security/cve/CVE-2015-0477", "https://access.redhat.com/security/cve/CVE-2005-1080"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "8.u45-1", "packageName": "jre8-openjdk-headless", "arch": "any", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "- CVE-2005-1080 CVE-2015-0480 (directory traversal)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted.\n\n- CVE-2015-0460 (arbitrary code execution)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n\n- CVE-2015-0469 (arbitrary code execution)\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font\nfile could possibly cause the Java Virtual Machine to execute arbitrary\ncode, allowing an untrusted Java application or applet to bypass Java\nsandbox restrictions.\n\n- CVE-2015-0470 (sandbox restriction bypass)\n\nA flaw was discovered in the Hotspot component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0477 (sandbox restriction bypass)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0478 (weak implementation)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n\n- CVE-2015-0488 (denial of service)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly.", "reporter": "Arch Linux", "published": "2015-04-17T00:00:00", "title": "jre8-openjdk-headless: multiple issues", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2015-04-17T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html", "id": "ASA-201504-23", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:42", "references": ["https://access.redhat.com/security/cve/CVE-2015-0469", "https://access.redhat.com/security/cve/CVE-2015-0478", "https://access.redhat.com/security/cve/CVE-2015-0460", "https://access.redhat.com/security/cve/CVE-2015-0480", "https://access.redhat.com/security/cve/CVE-2015-0488", "https://access.redhat.com/security/cve/CVE-2015-0477", "https://access.redhat.com/security/cve/CVE-2005-1080"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "7.u79_2.5.5-1", "packageName": "jdk7-openjdk", "arch": "any", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "- CVE-2005-1080 CVE-2015-0480 (directory traversal)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted.\n\n- CVE-2015-0460 (arbitrary code execution)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n\n- CVE-2015-0469 (arbitrary code execution)\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font\nfile could possibly cause the Java Virtual Machine to execute arbitrary\ncode, allowing an untrusted Java application or applet to bypass Java\nsandbox restrictions.\n\n- CVE-2015-0477 (sandbox restriction bypass)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0478 (weak implementation)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n\n- CVE-2015-0488 (denial of service)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly.", "reporter": "Arch Linux", "published": "2015-04-17T00:00:00", "title": "jdk7-openjdk: multiple issues", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-17T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html", "id": "ASA-201504-15", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:37", "references": ["https://access.redhat.com/security/cve/CVE-2015-0469", "https://access.redhat.com/security/cve/CVE-2015-0478", "https://access.redhat.com/security/cve/CVE-2015-0460", "https://access.redhat.com/security/cve/CVE-2015-0480", "https://access.redhat.com/security/cve/CVE-2015-0488", "https://access.redhat.com/security/cve/CVE-2015-0477", "https://access.redhat.com/security/cve/CVE-2005-1080"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "7.u79_2.5.5-1", "packageName": "jre7-openjdk", "arch": "any", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "- CVE-2005-1080 CVE-2015-0480 (directory traversal)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted.\n\n- CVE-2015-0460 (arbitrary code execution)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n\n- CVE-2015-0469 (arbitrary code execution)\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font\nfile could possibly cause the Java Virtual Machine to execute arbitrary\ncode, allowing an untrusted Java application or applet to bypass Java\nsandbox restrictions.\n\n- CVE-2015-0477 (sandbox restriction bypass)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0478 (weak implementation)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n\n- CVE-2015-0488 (denial of service)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly.", "reporter": "Arch Linux", "published": "2015-04-17T00:00:00", "title": "jre7-openjdk: multiple issues", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-17T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html", "id": "ASA-201504-16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:35", "references": ["https://access.redhat.com/security/cve/CVE-2015-0470", "https://access.redhat.com/security/cve/CVE-2015-0469", "https://access.redhat.com/security/cve/CVE-2015-0478", "https://access.redhat.com/security/cve/CVE-2015-0460", "https://access.redhat.com/security/cve/CVE-2015-0480", "https://access.redhat.com/security/cve/CVE-2015-0488", "https://access.redhat.com/security/cve/CVE-2015-0477", "https://access.redhat.com/security/cve/CVE-2005-1080"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "8.u45-1", "packageFilename": "UNKNOWN", "packageName": "jdk8-openjdk", "arch": "any", "operator": "lt"}], "edition": 1, "description": "- CVE-2005-1080 CVE-2015-0480 (directory traversal)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted.\n\n- CVE-2015-0460 (arbitrary code execution)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n\n- CVE-2015-0469 (arbitrary code execution)\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font\nfile could possibly cause the Java Virtual Machine to execute arbitrary\ncode, allowing an untrusted Java application or applet to bypass Java\nsandbox restrictions.\n\n- CVE-2015-0470 (sandbox restriction bypass)\n\nA flaw was discovered in the Hotspot component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0477 (sandbox restriction bypass)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0478 (weak implementation)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n\n- CVE-2015-0488 (denial of service)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly.", "reporter": "Arch Linux", "published": "2015-04-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "jdk8-openjdk: multiple issues", "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2015-04-17T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html", "id": "ASA-201504-21", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:43", "references": ["https://access.redhat.com/security/cve/CVE-2015-0470", "https://access.redhat.com/security/cve/CVE-2015-0469", "https://access.redhat.com/security/cve/CVE-2015-0478", "https://access.redhat.com/security/cve/CVE-2015-0460", "https://access.redhat.com/security/cve/CVE-2015-0480", "https://access.redhat.com/security/cve/CVE-2015-0488", "https://access.redhat.com/security/cve/CVE-2015-0477", "https://access.redhat.com/security/cve/CVE-2005-1080"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "8.u45-1", "packageName": "jre8-openjdk", "arch": "any", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "- CVE-2005-1080 CVE-2015-0480 (directory traversal)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted.\n\n- CVE-2015-0460 (arbitrary code execution)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n\n- CVE-2015-0469 (arbitrary code execution)\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font\nfile could possibly cause the Java Virtual Machine to execute arbitrary\ncode, allowing an untrusted Java application or applet to bypass Java\nsandbox restrictions.\n\n- CVE-2015-0470 (sandbox restriction bypass)\n\nA flaw was discovered in the Hotspot component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0477 (sandbox restriction bypass)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0478 (weak implementation)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n\n- CVE-2015-0488 (denial of service)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly.", "reporter": "Arch Linux", "published": "2015-04-17T00:00:00", "title": "jre8-openjdk: multiple issues", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2015-04-17T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html", "id": "ASA-201504-22", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:10", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0808.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el5_11.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el5_11.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el5_11.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el5_11.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11.i386.rpm", "packageName": "java-1.6.0-openjdk", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.src.rpm", "packageName": "java-1.6.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.src.rpm", "packageName": "java-1.6.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11.src.rpm", "packageName": "java-1.6.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "packageName": "java-1.6.0-openjdk", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.35-1.13.7.1.el5_11", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.0.35-1.13.7.1.el7_1", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.35-1.13.7.1.el6_6", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:0808\n\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021065.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021068.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021073.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0808.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-04-15T11:08:38", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "java security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-15T11:35:10", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021065.html", "id": "CESA-2015:0808", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:43", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0809.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-devel", "packageFilename": "java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageName": "java-1.8.0-openjdk", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "noarch", "packageName": "java-1.8.0-openjdk-javadoc", "packageFilename": "java-1.8.0-openjdk-javadoc-1.8.0.45-28.b13.el6_6.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "noarch", "packageName": "java-1.8.0-openjdk-javadoc", "packageFilename": "java-1.8.0-openjdk-javadoc-1.8.0.45-28.b13.el6_6.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "any", "packageName": "java-1.8.0-openjdk", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageName": "java-1.8.0-openjdk-devel", "packageFilename": "java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageName": "java-1.8.0-openjdk-headless", "packageFilename": "java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageName": "java-1.8.0-openjdk-src", "packageFilename": "java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-demo", "packageFilename": "java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-headless", "packageFilename": "java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "any", "packageName": "java-1.8.0-openjdk", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageName": "java-1.8.0-openjdk", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "i686", "packageName": "java-1.8.0-openjdk-demo", "packageFilename": "java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-accessibility", "packageFilename": "java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageName": "java-1.8.0-openjdk", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-src", "packageFilename": "java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-devel", "packageFilename": "java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-src", "packageFilename": "java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "noarch", "packageName": "java-1.8.0-openjdk-javadoc", "packageFilename": "java-1.8.0-openjdk-javadoc-1.8.0.45-30.b13.el7_1.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.8.0.45-28.b13.el6_6", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-demo", "packageFilename": "java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.8.0.45-30.b13.el7_1", "arch": "x86_64", "packageName": "java-1.8.0-openjdk-headless", "packageFilename": "java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:0809\n\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nMultiple flaws were discovered in the Beans and Hotspot components in\nOpenJDK. An untrusted Java application or applet could use these flaws to\nbypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.8.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021067.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021070.html\n\n**Affected packages:**\njava-1.8.0-openjdk\njava-1.8.0-openjdk-accessibility\njava-1.8.0-openjdk-demo\njava-1.8.0-openjdk-devel\njava-1.8.0-openjdk-headless\njava-1.8.0-openjdk-javadoc\njava-1.8.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0809.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-04-15T11:10:56", "title": "java security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2015-04-15T11:19:16", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021067.html", "id": "CESA-2015:0809", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:42", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0806.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-accessibility", "packageFilename": "java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "noarch", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el7_1.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "any", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "i686", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "any", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.7.0.79-2.5.5.1.el7_1", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-headless", "packageFilename": "java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "noarch", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el6_6.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.79-2.5.5.1.el6_6", "arch": "noarch", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el6_6.noarch.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:0806\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021066.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021069.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-accessibility\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-headless\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0806.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-04-15T11:09:51", "title": "java security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-15T11:16:47", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021066.html", "id": "CESA-2015:0806", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:56", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0807.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "x86_64", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "i386", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "i386", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.2.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "any", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el5_11.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "i386", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.2.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "i386", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.2.el5_11.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.79-2.5.5.2.el5_11", "arch": "i386", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.2.el5_11.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:0807\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021075.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0807.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-04-15T11:47:27", "title": "java security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-15T11:47:27", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021075.html", "id": "CESA-2015:0807", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:14", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0808.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.35-1.13.7.1.70.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.70.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.35-1.13.7.1.70.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.70.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.35-1.13.7.1.70.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.70.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.35-1.13.7.1.70.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.70.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.35-1.13.7.1.70.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.70.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.35-1.13.7.1.70.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.70.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.35-1.13.7.1.70.amzn1", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.70.amzn1.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.35-1.13.7.1.70.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.70.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.35-1.13.7.1.70.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.70.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.35-1.13.7.1.70.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.70.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.35-1.13.7.1.70.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.70.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.35-1.13.7.1.70.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.70.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.35-1.13.7.1.70.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.35-1.13.7.1.70.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}], "description": "**Issue Overview:**\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. ([CVE-2015-0469 __](<https://access.redhat.com/security/cve/CVE-2015-0469>))\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. ([CVE-2015-0460 __](<https://access.redhat.com/security/cve/CVE-2015-0460>))\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. ([CVE-2015-0488 __](<https://access.redhat.com/security/cve/CVE-2015-0488>))\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ([CVE-2015-0477 __](<https://access.redhat.com/security/cve/CVE-2015-0477>))\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. ([CVE-2005-1080 __](<https://access.redhat.com/security/cve/CVE-2005-1080>), [CVE-2015-0480 __](<https://access.redhat.com/security/cve/CVE-2015-0480>))\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. ([CVE-2015-0478 __](<https://access.redhat.com/security/cve/CVE-2015-0478>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.70.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.70.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.35-1.13.7.1.70.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.70.amzn1.i686 \n java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.70.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.70.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.35-1.13.7.1.70.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-1.6.0.35-1.13.7.1.70.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.70.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.70.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.70.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.70.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.70.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2015-04-23T21:03:00", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:14", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-23T21:03:00", "id": "ALAS-2015-515", "href": "https://alas.aws.amazon.com/ALAS-2015-515.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:28", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0806.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.79-2.5.5.1.59.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.59.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.79-2.5.5.1.59.amzn1", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.59.amzn1.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.79-2.5.5.1.59.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.59.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.79-2.5.5.1.59.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.59.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.79-2.5.5.1.59.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.59.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.79-2.5.5.1.59.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.59.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.79-2.5.5.1.59.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.79-2.5.5.1.59.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.79-2.5.5.1.59.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.59.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.79-2.5.5.1.59.amzn1", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.59.amzn1.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.79-2.5.5.1.59.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.59.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.79-2.5.5.1.59.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.59.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.79-2.5.5.1.59.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.59.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}], "description": "**Issue Overview:**\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. ([CVE-2015-0469 __](<https://access.redhat.com/security/cve/CVE-2015-0469>))\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. ([CVE-2015-0460 __](<https://access.redhat.com/security/cve/CVE-2015-0460>))\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. ([CVE-2015-0488 __](<https://access.redhat.com/security/cve/CVE-2015-0488>))\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ([CVE-2015-0477 __](<https://access.redhat.com/security/cve/CVE-2015-0477>))\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. ([CVE-2005-1080 __](<https://access.redhat.com/security/cve/CVE-2005-1080>), [CVE-2015-0480 __](<https://access.redhat.com/security/cve/CVE-2015-0480>))\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. ([CVE-2015-0478 __](<https://access.redhat.com/security/cve/CVE-2015-0478>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.59.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.59.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.59.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.79-2.5.5.1.59.amzn1.i686 \n java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.59.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.59.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.79-2.5.5.1.59.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.59.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.59.amzn1.x86_64 \n java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.59.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.79-2.5.5.1.59.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.59.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2015-04-23T21:04:00", "title": "Important: java-1.7.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:28", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "modified": "2015-04-23T21:04:00", "id": "ALAS-2015-516", "href": "https://alas.aws.amazon.com/ALAS-2015-516.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:02", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0809.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "i686", "packageFilename": "java-1.8.0-openjdk-demo-1.8.0.45-30.b13.5.amzn1.i686.rpm", "packageName": "java-1.8.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-devel-1.8.0.45-30.b13.5.amzn1.x86_64.rpm", "packageName": "java-1.8.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-demo-1.8.0.45-30.b13.5.amzn1.x86_64.rpm", "packageName": "java-1.8.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "i686", "packageFilename": "java-1.8.0-openjdk-src-1.8.0.45-30.b13.5.amzn1.i686.rpm", "packageName": "java-1.8.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "i686", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-30.b13.5.amzn1.i686.rpm", "packageName": "java-1.8.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-headless-1.8.0.45-30.b13.5.amzn1.x86_64.rpm", "packageName": "java-1.8.0-openjdk-headless", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "noarch", "packageFilename": "java-1.8.0-openjdk-javadoc-1.8.0.45-30.b13.5.amzn1.noarch.rpm", "packageName": "java-1.8.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-30.b13.5.amzn1.x86_64.rpm", "packageName": "java-1.8.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "src", "packageFilename": "java-1.8.0-openjdk-1.8.0.45-30.b13.5.amzn1.src.rpm", "packageName": "java-1.8.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.5.amzn1.x86_64.rpm", "packageName": "java-1.8.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "i686", "packageFilename": "java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.5.amzn1.i686.rpm", "packageName": "java-1.8.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "i686", "packageFilename": "java-1.8.0-openjdk-headless-1.8.0.45-30.b13.5.amzn1.i686.rpm", "packageName": "java-1.8.0-openjdk-headless", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "x86_64", "packageFilename": "java-1.8.0-openjdk-src-1.8.0.45-30.b13.5.amzn1.x86_64.rpm", "packageName": "java-1.8.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.0.45-30.b13.5.amzn1", "arch": "i686", "packageFilename": "java-1.8.0-openjdk-devel-1.8.0.45-30.b13.5.amzn1.i686.rpm", "packageName": "java-1.8.0-openjdk-devel", "operator": "lt"}], "description": "**Issue Overview:**\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. ([CVE-2015-0469 __](<https://access.redhat.com/security/cve/CVE-2015-0469>))\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. ([CVE-2015-0460 __](<https://access.redhat.com/security/cve/CVE-2015-0460>))\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. ([CVE-2015-0488 __](<https://access.redhat.com/security/cve/CVE-2015-0488>))\n\nMultiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. ([CVE-2015-0477 __](<https://access.redhat.com/security/cve/CVE-2015-0477>), [CVE-2015-0470 __](<https://access.redhat.com/security/cve/CVE-2015-0470>))\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. ([CVE-2005-1080 __](<https://access.redhat.com/security/cve/CVE-2005-1080>), [CVE-2015-0480 __](<https://access.redhat.com/security/cve/CVE-2015-0480>))\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. ([CVE-2015-0478 __](<https://access.redhat.com/security/cve/CVE-2015-0478>)) \n\n\n \n**Affected Packages:** \n\n\njava-1.8.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.8.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.5.amzn1.i686 \n java-1.8.0-openjdk-headless-1.8.0.45-30.b13.5.amzn1.i686 \n java-1.8.0-openjdk-src-1.8.0.45-30.b13.5.amzn1.i686 \n java-1.8.0-openjdk-1.8.0.45-30.b13.5.amzn1.i686 \n java-1.8.0-openjdk-demo-1.8.0.45-30.b13.5.amzn1.i686 \n java-1.8.0-openjdk-devel-1.8.0.45-30.b13.5.amzn1.i686 \n \n noarch: \n java-1.8.0-openjdk-javadoc-1.8.0.45-30.b13.5.amzn1.noarch \n \n src: \n java-1.8.0-openjdk-1.8.0.45-30.b13.5.amzn1.src \n \n x86_64: \n java-1.8.0-openjdk-devel-1.8.0.45-30.b13.5.amzn1.x86_64 \n java-1.8.0-openjdk-demo-1.8.0.45-30.b13.5.amzn1.x86_64 \n java-1.8.0-openjdk-1.8.0.45-30.b13.5.amzn1.x86_64 \n java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.5.amzn1.x86_64 \n java-1.8.0-openjdk-src-1.8.0.45-30.b13.5.amzn1.x86_64 \n java-1.8.0-openjdk-headless-1.8.0.45-30.b13.5.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2015-05-05T16:13:00", "title": "Important: java-1.8.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:02", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2015-05-05T16:13:00", "id": "ALAS-2015-517", "href": "https://alas.aws.amazon.com/ALAS-2015-517.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-04-18T15:51:05", "references": ["http://rhn.redhat.com/errata/RHSA-2015-0854.html", "http://rhn.redhat.com/errata/RHSA-2015-1021.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212", "http://marc.info/?l=oss-security&m=127603032617644&w=2", "http://www.securiteam.com/securitynews/5IP0C0AFGW.html", "http://rhn.redhat.com/errata/RHSA-2015-0857.html", "http://rhn.redhat.com/errata/RHSA-2015-1006.html", "http://www.securityfocus.com/bid/13083", "http://rhn.redhat.com/errata/RHSA-2015-0808.html", "http://rhn.redhat.com/errata/RHSA-2015-1091.html", "http://rhn.redhat.com/errata/RHSA-2015-0858.html", "http://marc.info/?l=bugtraq&m=111331593310508&w=2", "http://advisories.mageia.org/MGASA-2015-0158.html", "http://rhn.redhat.com/errata/RHSA-2015-1007.html", "http://rhn.redhat.com/errata/RHSA-2015-0807.html", "http://rhn.redhat.com/errata/RHSA-2015-0809.html", "http://rhn.redhat.com/errata/RHSA-2015-0806.html", "http://marc.info/?l=oss-security&m=127602564508766&w=2", "https://bugzilla.redhat.com/show_bug.cgi?id=601823", "https://bugzilla.redhat.com/show_bug.cgi?id=594497", "http://rhn.redhat.com/errata/RHSA-2015-1020.html"], "description": "Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.", "edition": 2, "reporter": "NVD", "published": "2005-05-02T00:00:00", "title": "CVE-2005-1080", "type": "cve", "enchantments": {"score": {"modified": "2017-04-18T15:51:05", "vector": "NONE", "value": 6.8}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-1080"], "scanner": [], "modified": "2017-01-02T21:59:00", "cpe": ["cpe:/a:sun:sdk:1.5", "cpe:/a:sun:sdk:1.4.2"], "id": "CVE-2005-1080", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1080", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-04T10:52:42", "references": ["http://www.securityfocus.com/bid/74147", "http://www.debian.org/security/2015/dsa-3234", "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "http://rhn.redhat.com/errata/RHSA-2015-0854.html", "http://www.securitytracker.com/id/1032120", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2015-1021.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html", "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", "http://rhn.redhat.com/errata/RHSA-2015-0857.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", "http://rhn.redhat.com/errata/RHSA-2015-1006.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", "http://rhn.redhat.com/errata/RHSA-2015-0808.html", "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", "http://www.debian.org/security/2015/dsa-3235", "http://rhn.redhat.com/errata/RHSA-2015-1091.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", "http://rhn.redhat.com/errata/RHSA-2015-0858.html", "http://www-304.ibm.com/support/docview.wss?uid=swg21960194", "http://www.ubuntu.com/usn/USN-2574-1", "http://advisories.mageia.org/MGASA-2015-0158.html", "http://rhn.redhat.com/errata/RHSA-2015-1007.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", "http://rhn.redhat.com/errata/RHSA-2015-0807.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html", "http://rhn.redhat.com/errata/RHSA-2015-0809.html", "http://rhn.redhat.com/errata/RHSA-2015-0806.html", "http://www.debian.org/security/2015/dsa-3316", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", "http://www.ubuntu.com/usn/USN-2573-1", "https://security.gentoo.org/glsa/201603-11", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html", "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", "http://www.securitytracker.com/id/1035517", "http://rhn.redhat.com/errata/RHSA-2015-1020.html"], "edition": 3, "description": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.", "reporter": "NVD", "published": "2015-04-16T12:59:32", "title": "CVE-2015-0478", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-0478"], "scanner": [], "cpe": ["cpe:/a:oracle:jdk:1.8.0:update_40", "cpe:/a:oracle:jdk:1.5.0:update_81", "cpe:/a:oracle:jre:1.8.0:update_40", "cpe:/a:oracle:jre:1.7.0:update_76", "cpe:/a:oracle:jdk:1.7.0:update_76", "cpe:/a:oracle:jdk:1.6.0:update_91", "cpe:/a:oracle:jrockit:r28.3.5", "cpe:/a:oracle:jre:1.6.0:update_91", "cpe:/a:oracle:jre:1.5.0:update_81"], "modified": "2017-11-03T21:29:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0478", "id": "CVE-2015-0478", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-04T10:52:42", "references": ["http://www.debian.org/security/2015/dsa-3234", "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "http://rhn.redhat.com/errata/RHSA-2015-0854.html", "http://www.securitytracker.com/id/1032120", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212", "http://rhn.redhat.com/errata/RHSA-2015-0857.html", "http://rhn.redhat.com/errata/RHSA-2015-0808.html", "http://www.debian.org/security/2015/dsa-3235", "http://rhn.redhat.com/errata/RHSA-2015-0858.html", "http://www.ubuntu.com/usn/USN-2574-1", "http://advisories.mageia.org/MGASA-2015-0158.html", "http://rhn.redhat.com/errata/RHSA-2015-0807.html", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html", "http://rhn.redhat.com/errata/RHSA-2015-0809.html", "http://rhn.redhat.com/errata/RHSA-2015-0806.html", "http://www.securityfocus.com/bid/74097", "http://www.debian.org/security/2015/dsa-3316", "http://www.ubuntu.com/usn/USN-2573-1", "https://security.gentoo.org/glsa/201603-11", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html"], "edition": 3, "description": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.", "reporter": "NVD", "published": "2015-04-16T12:59:17", "title": "CVE-2015-0460", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-0460"], "scanner": [], "cpe": ["cpe:/a:oracle:jdk:1.8.0:update_40", "cpe:/a:oracle:jdk:1.5.0:update_81", "cpe:/a:oracle:jre:1.8.0:update_40", "cpe:/a:oracle:jre:1.7.0:update_76", "cpe:/a:oracle:jdk:1.7.0:update_76", "cpe:/a:oracle:jdk:1.6.0:update_91", "cpe:/a:oracle:jre:1.6.0:update_91", "cpe:/a:oracle:jre:1.5.0:update_81"], "modified": "2017-11-03T21:29:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0460", "id": "CVE-2015-0460", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-04T10:52:42", "references": ["http://www.debian.org/security/2015/dsa-3234", "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "http://www.securityfocus.com/bid/74119", "http://rhn.redhat.com/errata/RHSA-2015-0854.html", "http://www.securitytracker.com/id/1032120", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2015-1021.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html", "http://rhn.redhat.com/errata/RHSA-2015-0857.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", "http://rhn.redhat.com/errata/RHSA-2015-1006.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", "http://rhn.redhat.com/errata/RHSA-2015-0808.html", "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", "http://www.debian.org/security/2015/dsa-3235", "http://rhn.redhat.com/errata/RHSA-2015-1091.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", "http://rhn.redhat.com/errata/RHSA-2015-0858.html", "http://www.ubuntu.com/usn/USN-2574-1", "http://advisories.mageia.org/MGASA-2015-0158.html", "http://rhn.redhat.com/errata/RHSA-2015-1007.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", "http://rhn.redhat.com/errata/RHSA-2015-0807.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html", "http://rhn.redhat.com/errata/RHSA-2015-0809.html", "http://rhn.redhat.com/errata/RHSA-2015-0806.html", "http://www.debian.org/security/2015/dsa-3316", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", "http://www.ubuntu.com/usn/USN-2573-1", "https://security.gentoo.org/glsa/201603-11", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html", "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", "http://rhn.redhat.com/errata/RHSA-2015-1020.html"], "edition": 3, "description": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.", "reporter": "NVD", "published": "2015-04-16T12:59:31", "title": "CVE-2015-0477", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-0477"], "scanner": [], "cpe": ["cpe:/a:oracle:jdk:1.8.0:update_40", "cpe:/a:oracle:jdk:1.5.0:update_81", "cpe:/a:oracle:jre:1.8.0:update_40", "cpe:/a:oracle:jre:1.7.0:update_76", "cpe:/a:oracle:jdk:1.7.0:update_76", "cpe:/a:oracle:jdk:1.6.0:update_91", "cpe:/a:oracle:jre:1.6.0:update_91", "cpe:/a:oracle:jre:1.5.0:update_81"], "modified": "2017-11-03T21:29:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0477", "id": "CVE-2015-0477", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-04T10:52:42", "references": ["http://www.debian.org/security/2015/dsa-3234", "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "http://rhn.redhat.com/errata/RHSA-2015-0854.html", "http://www.securitytracker.com/id/1032120", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2015-1021.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html", "http://rhn.redhat.com/errata/RHSA-2015-0857.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", "http://rhn.redhat.com/errata/RHSA-2015-1006.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", "http://rhn.redhat.com/errata/RHSA-2015-0808.html", "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", "http://www.debian.org/security/2015/dsa-3235", "http://rhn.redhat.com/errata/RHSA-2015-1091.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", "http://rhn.redhat.com/errata/RHSA-2015-0858.html", "http://www.ubuntu.com/usn/USN-2574-1", "http://advisories.mageia.org/MGASA-2015-0158.html", "http://rhn.redhat.com/errata/RHSA-2015-1007.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", "http://rhn.redhat.com/errata/RHSA-2015-0807.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html", "http://rhn.redhat.com/errata/RHSA-2015-0809.html", "http://rhn.redhat.com/errata/RHSA-2015-0806.html", "http://www.securityfocus.com/bid/74104", "http://www.debian.org/security/2015/dsa-3316", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", "http://www.ubuntu.com/usn/USN-2573-1", "https://security.gentoo.org/glsa/201603-11", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html", "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", "http://rhn.redhat.com/errata/RHSA-2015-1020.html"], "edition": 3, "description": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.", "reporter": "NVD", "published": "2015-04-16T12:59:33", "title": "CVE-2015-0480", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-0480"], "scanner": [], "cpe": ["cpe:/a:oracle:jdk:1.8.0:update_40", "cpe:/a:oracle:jdk:1.5.0:update_81", "cpe:/a:oracle:jre:1.8.0:update_40", "cpe:/a:oracle:jre:1.7.0:update_76", "cpe:/a:oracle:jdk:1.7.0:update_76", "cpe:/a:oracle:jdk:1.6.0:update_91", "cpe:/a:oracle:jre:1.6.0:update_91", "cpe:/a:oracle:jre:1.5.0:update_81"], "modified": "2017-11-03T21:29:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0480", "id": "CVE-2015-0480", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-04T10:52:42", "references": ["http://www.debian.org/security/2015/dsa-3234", "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "http://rhn.redhat.com/errata/RHSA-2015-0854.html", "http://www.securitytracker.com/id/1032120", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2015-1021.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html", "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", "http://rhn.redhat.com/errata/RHSA-2015-0857.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", "http://rhn.redhat.com/errata/RHSA-2015-1006.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", "http://www.securityfocus.com/bid/74111", "http://rhn.redhat.com/errata/RHSA-2015-0808.html", "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", "http://www.debian.org/security/2015/dsa-3235", "http://rhn.redhat.com/errata/RHSA-2015-1091.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", "http://rhn.redhat.com/errata/RHSA-2015-0858.html", "http://www-304.ibm.com/support/docview.wss?uid=swg21960194", "http://www.ubuntu.com/usn/USN-2574-1", "http://advisories.mageia.org/MGASA-2015-0158.html", "http://rhn.redhat.com/errata/RHSA-2015-1007.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", "http://rhn.redhat.com/errata/RHSA-2015-0807.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html", "http://rhn.redhat.com/errata/RHSA-2015-0809.html", "http://rhn.redhat.com/errata/RHSA-2015-0806.html", "http://www.debian.org/security/2015/dsa-3316", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", "http://www.ubuntu.com/usn/USN-2573-1", "https://security.gentoo.org/glsa/201603-11", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html", "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", "http://rhn.redhat.com/errata/RHSA-2015-1020.html"], "edition": 3, "description": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.", "reporter": "NVD", "published": "2015-04-16T12:59:39", "title": "CVE-2015-0488", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-0488"], "scanner": [], "cpe": ["cpe:/a:oracle:jdk:1.8.0:update_40", "cpe:/a:oracle:jdk:1.5.0:update_81", "cpe:/a:oracle:jre:1.8.0:update_40", "cpe:/a:oracle:jre:1.7.0:update_76", "cpe:/a:oracle:jdk:1.7.0:update_76", "cpe:/a:oracle:jdk:1.6.0:update_91", "cpe:/a:oracle:jrockit:r28.3.5", "cpe:/a:oracle:jre:1.6.0:update_91", "cpe:/a:oracle:jre:1.5.0:update_81"], "modified": "2017-11-03T21:29:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0488", "id": "CVE-2015-0488", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-04T10:52:42", "references": ["http://www.debian.org/security/2015/dsa-3234", "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "http://rhn.redhat.com/errata/RHSA-2015-0854.html", "http://www.securitytracker.com/id/1032120", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2015-1021.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html", "http://rhn.redhat.com/errata/RHSA-2015-0857.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", "http://rhn.redhat.com/errata/RHSA-2015-1006.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", "http://rhn.redhat.com/errata/RHSA-2015-0808.html", "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", "http://www.debian.org/security/2015/dsa-3235", "http://rhn.redhat.com/errata/RHSA-2015-1091.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", "http://rhn.redhat.com/errata/RHSA-2015-0858.html", "http://www.ubuntu.com/usn/USN-2574-1", "http://advisories.mageia.org/MGASA-2015-0158.html", "http://rhn.redhat.com/errata/RHSA-2015-1007.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", "http://rhn.redhat.com/errata/RHSA-2015-0807.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html", "http://rhn.redhat.com/errata/RHSA-2015-0809.html", "http://rhn.redhat.com/errata/RHSA-2015-0806.html", "http://www.debian.org/security/2015/dsa-3316", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", "http://www.ubuntu.com/usn/USN-2573-1", "https://security.gentoo.org/glsa/201603-11", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html", "http://www.securityfocus.com/bid/74072", "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", "http://rhn.redhat.com/errata/RHSA-2015-1020.html"], "edition": 3, "description": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.", "reporter": "NVD", "published": "2015-04-16T12:59:23", "title": "CVE-2015-0469", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-0469"], "scanner": [], "cpe": ["cpe:/a:oracle:jdk:1.8.0:update_40", "cpe:/a:oracle:jdk:1.5.0:update_81", "cpe:/a:oracle:jre:1.8.0:update_40", "cpe:/a:oracle:jre:1.7.0:update_76", "cpe:/a:oracle:jdk:1.7.0:update_76", "cpe:/a:oracle:jdk:1.6.0:update_91", "cpe:/a:oracle:jre:1.6.0:update_91", "cpe:/a:oracle:jre:1.5.0:update_81"], "modified": "2017-11-03T21:29:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0469", "id": "CVE-2015-0469", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:48:54", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "6b35-1.13.7-1~deb7u1", "arch": "all", "packageFilename": "openjdk-6_6b35-1.13.7-1~deb7u1_all.deb", "packageName": "openjdk-6", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3234-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 24, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nCVE ID : CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 \n CVE-2015-0478 CVE-2015-0480 CVE-2015-0488\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6b35-1.13.7-1~deb7u1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2015-04-24T18:40:07", "title": "[SECURITY] [DSA 3234-1] openjdk-6 security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:48:54", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2015-04-24T18:40:07", "id": "DEBIAN:DSA-3234-1:1ADBC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00122.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T13:48:33", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.5-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-jre-headless_7u79-2.5.5-1~deb8u1_all.deb", "packageName": "openjdk-7-jre-headless", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.5-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-source_7u79-2.5.5-1~deb8u1_all.deb", "packageName": "openjdk-7-source", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.5-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-jre-lib_7u79-2.5.5-1~deb8u1_all.deb", "packageName": "openjdk-7-jre-lib", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.5-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-jre_7u79-2.5.5-1~deb8u1_all.deb", "packageName": "openjdk-7-jre", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.5-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-doc_7u79-2.5.5-1~deb8u1_all.deb", "packageName": "openjdk-7-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.5-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-jre-zero_7u79-2.5.5-1~deb8u1_all.deb", "packageName": "openjdk-7-jre-zero", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.5-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-dbg_7u79-2.5.5-1~deb8u1_all.deb", "packageName": "openjdk-7-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.5-1~deb8u1", "arch": "all", "packageFilename": "icedtea-7-jre-jamvm_7u79-2.5.5-1~deb8u1_all.deb", "packageName": "icedtea-7-jre-jamvm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.5-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-demo_7u79-2.5.5-1~deb8u1_all.deb", "packageName": "openjdk-7-demo", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.5-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7_7u79-2.5.5-1~deb8u1_all.deb", "packageName": "openjdk-7", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.5-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-jdk_7u79-2.5.5-1~deb8u1_all.deb", "packageName": "openjdk-7-jdk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "7u79-2.5.5-1~deb7u1", "arch": "all", "packageFilename": "openjdk-7_7u79-2.5.5-1~deb7u1_all.deb", "packageName": "openjdk-7", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3235-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 24, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-7\nCVE ID : CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 \n CVE-2015-0478 CVE-2015-0480 CVE-2015-0488\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7u79-2.5.5-1~deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon in version 7u79-2.5.5-1~deb8u1 (the update will be available\nshortly after the final jessie release).\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u79-2.5.5-1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2015-04-24T18:41:40", "title": "[SECURITY] [DSA 3235-1] openjdk-7 security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:48:33", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2015-04-24T18:41:40", "id": "DEBIAN:DSA-3235-1:44FE6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00123.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:52", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "6b35-1.13.7-1~deb6u1", "arch": "all", "packageFilename": "openjdk-6-jre-zero_6b35-1.13.7-1~deb6u1_all.deb", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b35-1.13.7-1~deb6u1", "arch": "all", "packageFilename": "openjdk-6-dbg_6b35-1.13.7-1~deb6u1_all.deb", "packageName": "openjdk-6-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b35-1.13.7-1~deb6u1", "arch": "all", "packageFilename": "openjdk-6-jre_6b35-1.13.7-1~deb6u1_all.deb", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b35-1.13.7-1~deb6u1", "arch": "all", "packageFilename": "icedtea-6-jre-cacao_6b35-1.13.7-1~deb6u1_all.deb", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b35-1.13.7-1~deb6u1", "arch": "all", "packageFilename": "openjdk-6-source_6b35-1.13.7-1~deb6u1_all.deb", "packageName": "openjdk-6-source", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b35-1.13.7-1~deb6u1", "arch": "all", "packageFilename": "openjdk-6-doc_6b35-1.13.7-1~deb6u1_all.deb", "packageName": "openjdk-6-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b35-1.13.7-1~deb6u1", "arch": "all", "packageFilename": "openjdk-6-demo_6b35-1.13.7-1~deb6u1_all.deb", "packageName": "openjdk-6-demo", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b35-1.13.7-1~deb6u1", "arch": "all", "packageFilename": "openjdk-6-jdk_6b35-1.13.7-1~deb6u1_all.deb", "packageName": "openjdk-6-jdk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b35-1.13.7-1~deb6u1", "arch": "all", "packageFilename": "icedtea6-plugin_6b35-1.13.7-1~deb6u1_all.deb", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b35-1.13.7-1~deb6u1", "arch": "all", "packageFilename": "openjdk-6-jre-lib_6b35-1.13.7-1~deb6u1_all.deb", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b35-1.13.7-1~deb6u1", "arch": "all", "packageFilename": "openjdk-6-jre-headless_6b35-1.13.7-1~deb6u1_all.deb", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b35-1.13.7-1~deb6u1", "arch": "all", "packageFilename": "openjdk-6_6b35-1.13.7-1~deb6u1_all.deb", "packageName": "openjdk-6", "operator": "lt"}], "description": "Package : openjdk-6\nVersion : 6b35-1.13.7-1~deb6u1\nCVE ID : CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 \n CVE-2015-0478 CVE-2015-0480 CVE-2015-0488\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.\n\nFor Debian 6 \u201cSqueeze\u201d, these problems have been fixed in version\n6b35-1.13.7-1~deb6u1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "edition": 1, "reporter": "Debian", "published": "2015-04-30T13:41:18", "title": "[SECURITY] [DLA 213-1] openjdk-6 security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:52", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2015-04-30T13:41:18", "id": "DEBIAN:DLA-213-1:9AD21", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201504/msg00027.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T13:49:30", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.6-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-doc_7u79-2.5.6-1~deb8u1_all.deb", "packageName": "openjdk-7-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "7u79-2.5.6-1~deb7u1", "arch": "all", "packageFilename": "openjdk-7_7u79-2.5.6-1~deb7u1_all.deb", "packageName": "openjdk-7", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.6-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-jre-lib_7u79-2.5.6-1~deb8u1_all.deb", "packageName": "openjdk-7-jre-lib", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.6-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7_7u79-2.5.6-1~deb8u1_all.deb", "packageName": "openjdk-7", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.6-1~deb8u1", "arch": "all", "packageFilename": "icedtea-7-jre-jamvm_7u79-2.5.6-1~deb8u1_all.deb", "packageName": "icedtea-7-jre-jamvm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.6-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-jre_7u79-2.5.6-1~deb8u1_all.deb", "packageName": "openjdk-7-jre", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.6-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-jdk_7u79-2.5.6-1~deb8u1_all.deb", "packageName": "openjdk-7-jdk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.6-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-source_7u79-2.5.6-1~deb8u1_all.deb", "packageName": "openjdk-7-source", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.6-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-dbg_7u79-2.5.6-1~deb8u1_all.deb", "packageName": "openjdk-7-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.6-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-demo_7u79-2.5.6-1~deb8u1_all.deb", "packageName": "openjdk-7-demo", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.6-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-jre-zero_7u79-2.5.6-1~deb8u1_all.deb", "packageName": "openjdk-7-jre-zero", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "7u79-2.5.6-1~deb8u1", "arch": "all", "packageFilename": "openjdk-7-jre-headless_7u79-2.5.6-1~deb8u1_all.deb", "packageName": "openjdk-7-jre-headless", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3316-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 25, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-7\nCVE ID : CVE-2014-8873 CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 \n CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488\n CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2621\n CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-2808\n CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733\n CVE-2015-4748 CVE-2015-4749 CVE-2015-4760\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure,\ndenial of service or insecure cryptography.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 7u79-2.5.6-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7u79-2.5.6-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u79-2.5.6-1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2015-07-25T10:14:19", "title": "[SECURITY] [DSA 3316-1] openjdk-7 security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:49:30", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-2601", "CVE-2015-4749", "CVE-2015-2632", "CVE-2015-2625", "CVE-2015-4732", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-2613", "CVE-2014-8873", "CVE-2015-2808", "CVE-2015-2590", "CVE-2015-2628", "CVE-2015-4733", "CVE-2015-0478", "CVE-2015-2621", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-4731", "CVE-2015-0480", "CVE-2015-4748", "CVE-2015-4760"], "modified": "2015-07-25T10:14:19", "id": "DEBIAN:DSA-3316-1:0E231", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00212.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:17:56", "references": ["https://bugzilla.suse.com/927591"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-debugsource-1.7.0.79-7.4.i586.rpm", "packageName": "java-1_7_0-openjdk-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4.x86_64.rpm", "packageName": "java-1_7_0-openjdk-headless-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4.i586.rpm", "packageName": "java-1_7_0-openjdk-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-accessibility-1.7.0.79-7.4.i586.rpm", "packageName": "java-1_7_0-openjdk-accessibility", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-1.7.0.79-7.4.x86_64.rpm", "packageName": "java-1_7_0-openjdk", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-devel-1.7.0.79-7.4.x86_64.rpm", "packageName": "java-1_7_0-openjdk-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-accessibility-1.7.0.79-7.4.x86_64.rpm", "packageName": "java-1_7_0-openjdk-accessibility", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-headless-1.7.0.79-7.4.i586.rpm", "packageName": "java-1_7_0-openjdk-headless", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4.i586.rpm", "packageName": "java-1_7_0-openjdk-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-headless-1.7.0.79-7.4.x86_64.rpm", "packageName": "java-1_7_0-openjdk-headless", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-devel-1.7.0.79-7.4.i586.rpm", "packageName": "java-1_7_0-openjdk-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4.x86_64.rpm", "packageName": "java-1_7_0-openjdk-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4.i586.rpm", "packageName": "java-1_7_0-openjdk-demo-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-demo-1.7.0.79-7.4.x86_64.rpm", "packageName": "java-1_7_0-openjdk-demo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-src-1.7.0.79-7.4.x86_64.rpm", "packageName": "java-1_7_0-openjdk-src", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-src-1.7.0.79-7.4.i586.rpm", "packageName": "java-1_7_0-openjdk-src", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4.x86_64.rpm", "packageName": "java-1_7_0-openjdk-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "noarch", "packageFilename": "java-1_7_0-openjdk-javadoc-1.7.0.79-7.4.noarch.rpm", "packageName": "java-1_7_0-openjdk-javadoc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-demo-1.7.0.79-7.4.i586.rpm", "packageName": "java-1_7_0-openjdk-demo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4.i586.rpm", "packageName": "java-1_7_0-openjdk-headless-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-1.7.0.79-7.4.i586.rpm", "packageName": "java-1_7_0-openjdk", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-debugsource-1.7.0.79-7.4.x86_64.rpm", "packageName": "java-1_7_0-openjdk-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.7.0.79-7.4", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4.x86_64.rpm", "packageName": "java-1_7_0-openjdk-demo-debuginfo", "operator": "lt"}], "description": "OpenJDK was updated to 2.5.5 - OpenJdk 7u79 to fix security issues and\n bugs:\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-0458: Deployment: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n * CVE-2015-0459: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0469: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0477: Beans: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n * CVE-2015-0478: JCE: unauthenticated remote attackers could read some\n JAVA accessible data via multiple protocols\n * CVE-2015-0480: Tools: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols and\n cause a partial denial of service (partial DOS)\n * CVE-2015-0484: JavaFX: unauthenticated remote attackers could read,\n update, insert or delete access some Java accessible data via multiple\n protocols and cause a partial denial of service (partial DOS).\n * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a\n partial denial of service (partial DOS).\n * CVE-2015-0491: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n\n", "edition": 1, "reporter": "Suse", "published": "2015-04-27T13:05:55", "title": "Security update for java-1_7_0-openjdk (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "modified": "2015-04-27T13:05:55", "id": "OPENSUSE-SU-2015:0774-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:47:49", "references": ["https://download.suse.com/patch/finder/?keywords=2082b6af65787f83584579a0178ad27e", "https://bugzilla.suse.com/927591"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.75-0.9.1", "packageName": "java-1_7_0-openjdk-devel", "packageFilename": "java-1_7_0-openjdk-devel-1.7.0.75-0.9.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.75-0.9.1", "packageName": "java-1_7_0-openjdk", "packageFilename": "java-1_7_0-openjdk-1.7.0.75-0.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.75-0.9.1", "packageName": "java-1_7_0-openjdk-devel", "packageFilename": "java-1_7_0-openjdk-devel-1.7.0.75-0.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.75-0.9.1", "packageName": "java-1_7_0-openjdk", "packageFilename": "java-1_7_0-openjdk-1.7.0.75-0.9.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.75-0.9.1", "packageName": "java-1_7_0-openjdk-demo", "packageFilename": "java-1_7_0-openjdk-demo-1.7.0.75-0.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.75-0.9.1", "packageName": "java-1_7_0-openjdk-demo", "packageFilename": "java-1_7_0-openjdk-demo-1.7.0.75-0.9.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "OpenJDK was updated to version 2.5.5 - OpenJDK 7u79 to fix security issues\n and bugs.\n\n The following vulnerabilities have been fixed:\n\n * CVE-2015-0458: Deployment: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n * CVE-2015-0459: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0460: Hotspot: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n * CVE-2015-0469: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0477: Beans: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n * CVE-2015-0478: JCE: unauthenticated remote attackers could read some\n JAVA accessible data via multiple protocols\n * CVE-2015-0480: Tools: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n and cause a partial denial of service (partial DOS)\n * CVE-2015-0484: JavaFX: unauthenticated remote attackers could read,\n update, insert or delete access some Java accessible data via\n multiple protocols and cause a partial denial of service (partial\n DOS).\n * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a\n partial denial of service (partial DOS).\n * CVE-2015-0491: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0492: JavaFX: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n\n Security Issues:\n\n * CVE-2015-0458\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0458\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0458</a>&gt;\n * CVE-2015-0459\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0459\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0459</a>&gt;\n * CVE-2015-0460\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460</a>&gt;\n * CVE-2015-0469\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469</a>&gt;\n * CVE-2015-0477\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477</a>&gt;\n * CVE-2015-0478\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478</a>&gt;\n * CVE-2015-0480\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480</a>&gt;\n * CVE-2015-0484\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0484\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0484</a>&gt;\n * CVE-2015-0488\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488</a>&gt;\n * CVE-2015-0491\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0491\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0491</a>&gt;\n * CVE-2015-0492\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0492\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0492</a>&gt;\n\n", "edition": 1, "reporter": "Suse", "published": "2015-05-07T21:04:54", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for java-1_7_0-openjdk (critical)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "modified": "2015-05-07T21:04:54", "id": "SUSE-SU-2015:0833-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:24:48", "references": ["https://bugzilla.suse.com/927591"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-debugsource-1.8.0.45-9.3.x86_64.rpm", "packageName": "java-1_8_0-openjdk-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-headless-1.8.0.45-9.3.i586.rpm", "packageName": "java-1_8_0-openjdk-headless", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-accessibility-1.8.0.45-9.3.x86_64.rpm", "packageName": "java-1_8_0-openjdk-accessibility", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-1.8.0.45-9.3.x86_64.rpm", "packageName": "java-1_8_0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-src-1.8.0.45-9.3.i586.rpm", "packageName": "java-1_8_0-openjdk-src", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-src-1.8.0.45-9.3.x86_64.rpm", "packageName": "java-1_8_0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-headless-debuginfo-1.8.0.45-9.3.i586.rpm", "packageName": "java-1_8_0-openjdk-headless-debuginfo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-demo-debuginfo-1.8.0.45-9.3.i586.rpm", "packageName": "java-1_8_0-openjdk-demo-debuginfo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-devel-1.8.0.45-9.3.x86_64.rpm", "packageName": "java-1_8_0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-debuginfo-1.8.0.45-9.3.x86_64.rpm", "packageName": "java-1_8_0-openjdk-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-headless-debuginfo-1.8.0.45-9.3.x86_64.rpm", "packageName": "java-1_8_0-openjdk-headless-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-demo-1.8.0.45-9.3.i586.rpm", "packageName": "java-1_8_0-openjdk-demo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-demo-debuginfo-1.8.0.45-9.3.x86_64.rpm", "packageName": "java-1_8_0-openjdk-demo-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-accessibility-1.8.0.45-9.3.i586.rpm", "packageName": "java-1_8_0-openjdk-accessibility", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-demo-1.8.0.45-9.3.x86_64.rpm", "packageName": "java-1_8_0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-devel-1.8.0.45-9.3.i586.rpm", "packageName": "java-1_8_0-openjdk-devel", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-javadoc-1.8.0.45-9.3.noarch.rpm", "packageName": "java-1_8_0-openjdk-javadoc", "arch": "noarch", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-debugsource-1.8.0.45-9.3.i586.rpm", "packageName": "java-1_8_0-openjdk-debugsource", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-headless-1.8.0.45-9.3.x86_64.rpm", "packageName": "java-1_8_0-openjdk-headless", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-debuginfo-1.8.0.45-9.3.i586.rpm", "packageName": "java-1_8_0-openjdk-debuginfo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.8.0.45-9.3", "packageFilename": "java-1_8_0-openjdk-1.8.0.45-9.3.i586.rpm", "packageName": "java-1_8_0-openjdk", "arch": "i586", "operator": "lt"}], "description": "OpenJDK was updated to jdk8u45-b14 to fix security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-0458: Deployment: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n * CVE-2015-0459: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0469: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0470: Hotspot: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n * CVE-2015-0477: Beans: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n * CVE-2015-0478: JCE: unauthenticated remote attackers could read some\n JAVA accessible data via multiple protocols\n * CVE-2015-0480: Tools: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols and\n cause a partial denial of service (partial DOS)\n * CVE-2015-0484: JavaFX: unauthenticated remote attackers could read,\n update, insert or delete access some Java accessible data via multiple\n protocols and cause a partial denial of service (partial DOS).\n * CVE-2015-0486: Deployment: unauthenticated remote attackers could read\n some JAVA accessible data via multiple protocols\n * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a\n partial denial of service (partial DOS).\n * CVE-2015-0491: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n\n", "edition": 1, "reporter": "Suse", "published": "2015-04-27T13:05:39", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for java-1_8_0-openjdk (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "modified": "2015-04-27T13:05:39", "id": "OPENSUSE-SU-2015:0773-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:19", "references": ["https://bugzilla.suse.com/912434", "https://bugzilla.suse.com/930365", "https://download.suse.com/patch/finder/?keywords=8e0b4a662058afb89ec5495af0c8e3db", "https://bugzilla.suse.com/912447", "https://download.suse.com/patch/finder/?keywords=cfac8b8406c0b7db38257f6caed57376", "https://bugzilla.suse.com/931702", "https://download.suse.com/patch/finder/?keywords=6f9a706de68429847056a5fac89d2fd8"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr16.4-0.3.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.3.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Manager 1.7 for SLE", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr16.4-0.3.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr16.4-0.3.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr16.4-0.3.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.3.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Manager 1.7 for SLE", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr16.4-0.3.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Manager 1.7 for SLE", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.3.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Manager 1.7 for SLE", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr16.4-0.3.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.3.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Manager 1.7 for SLE", "OSVersion": "11.2", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr16.4-0.3.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr16.4-0.3.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}], "description": "IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs.\n\n Tabulated information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_</a>\n 2015\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May</a>\n _2015&gt;\n\n CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491\n CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488\n CVE-2015-0478 CVE-2015-0477 CVE-2015-0204\n\n", "edition": 1, "reporter": "Suse", "published": "2015-06-18T16:05:48", "title": "Security update for IBM Java (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-1914", "CVE-2015-0459", "CVE-2015-2808", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "modified": "2015-06-18T16:05:48", "id": "SUSE-SU-2015:1086-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:17", "references": ["https://bugzilla.suse.com/912434", "https://bugzilla.suse.com/930365", "https://bugzilla.suse.com/912447", "https://download.suse.com/patch/finder/?keywords=9679d0aa3625acf75e826a41db3c367b", "https://bugzilla.suse.com/931702"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr9.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr9.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr9.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr9.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr9.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr9.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr9.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr9.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr9.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr9.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr9.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr9.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr9.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr9.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr9.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr9.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr9.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr9.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr9.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr9.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr9.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr9.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr9.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr9.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr9.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "IBM Java 1.7.0 was updated to SR9 fixing security issues and bugs.\n\n Tabulated information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_</a>\n 2015\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May</a>\n _2015&gt; .\n\n Security Issues:\n\n * CVE-2015-0192\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0192\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0192</a>&gt;\n * CVE-2015-2808\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808</a>&gt;\n * CVE-2015-1914\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1914\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1914</a>&gt;\n * CVE-2015-0138\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0138\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0138</a>&gt;\n * CVE-2015-0491\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0491\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0491</a>&gt;\n * CVE-2015-0458\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0458\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0458</a>&gt;\n * CVE-2015-0459\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0459\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0459</a>&gt;\n * CVE-2015-0469\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469</a>&gt;\n * CVE-2015-0480\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480</a>&gt;\n * CVE-2015-0488\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488</a>&gt;\n * CVE-2015-0478\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478</a>&gt;\n * CVE-2015-0477\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477</a>&gt;\n * CVE-2015-0204\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204</a>&gt;\n\n", "edition": 1, "reporter": "Suse", "published": "2015-06-27T04:05:10", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for java-1_7_0-ibm (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-1914", "CVE-2015-0459", "CVE-2015-2808", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "modified": "2015-06-27T04:05:10", "id": "SUSE-SU-2015:1086-4", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00028.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:35:28", "references": ["https://bugzilla.suse.com/912434", "https://bugzilla.suse.com/930365", "https://bugzilla.suse.com/912447", "https://bugzilla.suse.com/931702"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.6.0_sr16.4-15.1", "packageName": "java-1_6_0-ibm-plugin", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr16.4-15.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.6.0_sr16.4-15.1", "packageName": "java-1_6_0-ibm", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-15.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.6.0_sr16.4-15.1", "packageName": "java-1_6_0-ibm-fonts", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-15.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.6.0_sr16.4-15.1", "packageName": "java-1_6_0-ibm-jdbc", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-15.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.6.0_sr16.4-15.1", "packageName": "java-1_6_0-ibm-jdbc", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-15.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.6.0_sr16.4-15.1", "packageName": "java-1_6_0-ibm-fonts", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-15.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.6.0_sr16.4-15.1", "packageName": "java-1_6_0-ibm", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-15.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs.\n\n Tabulated information can be found on:\n [<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May</a>\n _2015](<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Upda\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Upda</a>\n te_May_2015)\n\n CVEs addressed: CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138\n CVE-2015-0491 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0480\n CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204\n\n Additional bugs fixed:\n\n * Fix javaws/plugin stuff should slave plugin update-alternatives\n (bnc#912434)\n * Changed Java to use the system root CA certificates (bnc#912447)\n\n", "edition": 1, "reporter": "Suse", "published": "2015-06-30T17:05:18", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for java-1_6_0-ibm (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-1914", "CVE-2015-0459", "CVE-2015-2808", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "modified": "2015-06-30T17:05:18", "id": "SUSE-SU-2015:1161-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:36:33", "references": ["https://bugzilla.suse.com/930365", "https://download.suse.com/patch/finder/?keywords=c5428e2c57be4bc06608802e52f69888"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr16.4-0.8.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.8.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr16.4-0.8.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr16.4-0.8.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.8.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr16.4-0.8.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.8.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr16.4-0.8.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.8.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-alsa-32bit-1.6.0_sr16.4-0.8.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.8.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr16.4-0.8.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr16.4-0.8.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.8.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.8.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.8.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.8.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr16.4-0.8.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-32bit-1.6.0_sr16.4-0.8.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr16.4-0.8.1.s390x.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr16.4-0.8.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr16.4-0.8.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}], "description": "IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs.\n\n Tabulated information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_</a>\n 2015\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May</a>\n _2015&gt;\n\n CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491\n CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488\n CVE-2015-0478 CVE-2015-0477 CVE-2015-0204\n\n\n", "edition": 1, "reporter": "Suse", "published": "2015-06-24T22:06:20", "title": "Security update for IBM Java (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-1914", "CVE-2015-0459", "CVE-2015-2808", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "modified": "2015-06-24T22:06:20", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", "id": "SUSE-SU-2015:1138-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:49", "references": ["https://download.suse.com/patch/finder/?keywords=224547d04b097be81efdd550de500459", "https://bugzilla.suse.com/912434", "https://bugzilla.suse.com/930365", "https://bugzilla.suse.com/912447", "https://bugzilla.suse.com/931702"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-devel", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr16.4-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-plugin", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr16.4-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-fonts", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-plugin", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr16.4-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-jdbc", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-alsa", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr16.4-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-jdbc", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-plugin", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr16.4-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-jdbc", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-fonts", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-fonts", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-fonts", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-devel", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr16.4-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-jdbc", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-devel", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr16.4-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-jdbc", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-fonts", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-alsa", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr16.4-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-fonts", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-fonts", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-fonts", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr16.4-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-jdbc", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr16.4-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm", "packageFilename": "java-1_6_0-ibm-1.6.0_sr16.4-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-devel", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr16.4-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr16.4-0.3.1", "packageName": "java-1_6_0-ibm-plugin", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr16.4-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs.\n\n Tabulated information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_</a>\n 2015\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May</a>\n _2015&gt;\n\n CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491\n CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488\n CVE-2015-0478 CVE-2015-0477 CVE-2015-0204\n\n", "edition": 1, "reporter": "Suse", "published": "2015-06-22T16:04:54", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for IBM Java (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-1914", "CVE-2015-0459", "CVE-2015-2808", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "modified": "2015-06-22T16:04:54", "id": "SUSE-SU-2015:1086-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00018.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:33", "references": ["https://download.suse.com/patch/finder/?keywords=75c7c1e62322e337b7527c52591a9e20", "https://bugzilla.suse.com/930365", "https://bugzilla.suse.com/931702"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-devel-32bit", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.10-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.10-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-alsa-32bit", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.10-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.10-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-fonts", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.10-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-devel", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.10-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-32bit", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.10-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-fonts", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.10-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-plugin", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.10-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-32bit", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.10-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-jdbc", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.10-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.10-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-fonts", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.10-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-devel", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.10-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-alsa", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr16.10-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-devel-32bit", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.10-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.10-0.6.1", "packageName": "java-1_5_0-ibm-devel", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.10-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "IBM Java 1.5.0 was updated to SR16-FP10 fixing security issues and bugs.\n\n Tabulated information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_</a>\n 2015\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May</a>\n _2015&gt;\n\n CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491\n CVE-2015-0459 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478\n CVE-2015-0477 CVE-2015-0204\n\n\n", "edition": 1, "reporter": "Suse", "published": "2015-06-18T16:05:20", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for IBM Java (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-1914", "CVE-2015-0459", "CVE-2015-2808", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "modified": "2015-06-18T16:05:20", "id": "SUSE-SU-2015:1085-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:18:27", "references": ["https://bugzilla.suse.com/912434", "https://download.suse.com/patch/finder/?keywords=9ca57b921374626bc74b4dc6c6926af7", "https://bugzilla.suse.com/930365", "https://bugzilla.suse.com/912447", "https://bugzilla.suse.com/931702"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.7.0_sr9.0-0.7.1", "arch": "i586", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr9.0-0.7.1.i586.rpm", "packageName": "java-1_7_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.7.0_sr9.0-0.7.1", "arch": "s390x", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr9.0-0.7.1.s390x.rpm", "packageName": "java-1_7_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.7.0_sr9.0-0.7.1", "arch": "x86_64", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr9.0-0.7.1.x86_64.rpm", "packageName": "java-1_7_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.7.0_sr9.0-0.7.1", "arch": "x86_64", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr9.0-0.7.1.x86_64.rpm", "packageName": "java-1_7_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.7.0_sr9.0-0.7.1", "arch": "i586", "packageFilename": "java-1_7_0-ibm-1.7.0_sr9.0-0.7.1.i586.rpm", "packageName": "java-1_7_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.7.0_sr9.0-0.7.1", "arch": "s390x", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr9.0-0.7.1.s390x.rpm", "packageName": "java-1_7_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.7.0_sr9.0-0.7.1", "arch": "x86_64", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr9.0-0.7.1.x86_64.rpm", "packageName": "java-1_7_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.7.0_sr9.0-0.7.1", "arch": "x86_64", "packageFilename": "java-1_7_0-ibm-1.7.0_sr9.0-0.7.1.x86_64.rpm", "packageName": "java-1_7_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.7.0_sr9.0-0.7.1", "arch": "i586", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr9.0-0.7.1.i586.rpm", "packageName": "java-1_7_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.7.0_sr9.0-0.7.1", "arch": "i586", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr9.0-0.7.1.i586.rpm", "packageName": "java-1_7_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.7.0_sr9.0-0.7.1", "arch": "i586", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr9.0-0.7.1.i586.rpm", "packageName": "java-1_7_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.7.0_sr9.0-0.7.1", "arch": "x86_64", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr9.0-0.7.1.x86_64.rpm", "packageName": "java-1_7_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "1.7.0_sr9.0-0.7.1", "arch": "s390x", "packageFilename": "java-1_7_0-ibm-1.7.0_sr9.0-0.7.1.s390x.rpm", "packageName": "java-1_7_0-ibm", "operator": "lt"}], "description": "IBM Java 1.7.0 was updated to SR9 fixing security issues and bugs.\n\n Tabulated information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_</a>\n 2015\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May\">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May</a>\n _2015&gt;\n\n CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491\n CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488\n CVE-2015-0478 CVE-2015-0477 CVE-2015-0204\n\n", "edition": 1, "reporter": "Suse", "published": "2015-06-24T22:05:08", "title": "Security update for Java (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-1914", "CVE-2015-0459", "CVE-2015-2808", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "modified": "2015-06-24T22:05:08", "id": "SUSE-SU-2015:1086-3", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00021.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-12-06T13:23:58", "references": [], "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n04/14/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nUse-after-free, XSS and aother unspecified vulnerabilities were found in Microsoft products. By exploiting these vulnerabilities malicious users can execute or inject arbitrary code. These vulnerabilities can be exploited remotely via a specially designed Office document.\n\n### *Affected products*:\nMicrosoft Office 2007 Service Pack 3 \nMicrosoft Office 2010 x86, x64 Service Pack 2 \nMicrosoft Office 2013 x86, x64, RT Service Pack1 \nMicrosoft Word Viewer \nMicrosoft Office Compatibility Pack Service Pack 3 \nMicrosoft SharePoint Server 2010 Service Pack 2 \nMicrosoft SharePoinr Server 2013 Service Pack 1 \nMicrosoft Office Web Apps 2010 Service Pack 2 \nMicrosoft Office Web Apps 2013 Service Pack 1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS15-033](<https://technet.microsoft.com/en-us/library/security/ms15-033>) \n[CVE-2015-0204](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0204>) \n[CVE-2015-0484](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0484>) \n[CVE-2015-0492](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0492>) \n[CVE-2015-0469](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0469>) \n[CVE-2015-0478](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0478>) \n[CVE-2015-0480](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0480>) \n[CVE-2015-0477](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0477>) \n[CVE-2015-0458](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0458>) \n[CVE-2015-0459](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0459>) \n[CVE-2015-0470](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0470>) \n[CVE-2015-0488](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0488>) \n[CVE-2015-0486](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0486>) \n[CVE-2015-0491](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0491>) \n[CVE-2015-0460](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0460>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2015-0204](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204>) \n[CVE-2015-0484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0484>) \n[CVE-2015-0492](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0492>) \n[CVE-2015-0469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469>) \n[CVE-2015-0478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478>) \n[CVE-2015-0480](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480>) \n[CVE-2015-0477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477>) \n[CVE-2015-0458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0458>) \n[CVE-2015-0459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0459>) \n[CVE-2015-0470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470>) \n[CVE-2015-0488](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488>) \n[CVE-2015-0486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0486>) \n[CVE-2015-0491](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0491>) \n[CVE-2015-0460](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460>) \n\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[2965224](<http://support.microsoft.com/kb/2965224>) \n[2965284](<http://support.microsoft.com/kb/2965284>) \n[2553428](<http://support.microsoft.com/kb/2553428>) \n[2965236](<http://support.microsoft.com/kb/2965236>) \n[2965215](<http://support.microsoft.com/kb/2965215>) \n[2553164](<http://support.microsoft.com/kb/2553164>) \n[2965238](<http://support.microsoft.com/kb/2965238>) \n[2965210](<http://support.microsoft.com/kb/2965210>) \n[2965289](<http://support.microsoft.com/kb/2965289>) \n[3051737](<http://support.microsoft.com/kb/3051737>) \n[2965306](<http://support.microsoft.com/kb/2965306>) \n[3055707](<http://support.microsoft.com/kb/3055707>)", "edition": 27, "reporter": "Kaspersky Lab", "published": "2015-04-14T00:00:00", "title": "\r KLA10551Code execution vulnerabilities in Microsoft Office ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "modified": "2018-12-04T00:00:00", "id": "KLA10551", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10551", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-06T13:23:30", "references": [], "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n04/14/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn unspecified vulnerabilities were found in Oracle products. By exploiting these vulnerabilities malicious users can affect integrity, availability and confidentiality. These vulnerabilities can be exploited remotely via an unknown vectors related to 2D, Hotspot, JavaFX, Delpoyment, Tools, JSSE, Beans and JCE.\n\n### *Affected products*:\nOracle Java SE 5u81, 6u91, 7u76, 8u40 \nOracle JavaFX 2.2.76 \nOracle JRockit R28.3.5\n\n### *Solution*:\nUpdate to the latest version \n[Get Java SE](<http://www.oracle.com/technetwork/java/javase/downloads/index.html>)\n\n### *Original advisories*:\n[Oracle bulletin](<http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Oracle Java JRE 1.7.x](<https://threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/>)\n\n### *CVE-IDS*:\n[CVE-2015-0204](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204>) \n[CVE-2015-0484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0484>) \n[CVE-2015-0492](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0492>) \n[CVE-2015-0469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469>) \n[CVE-2015-0478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478>) \n[CVE-2015-0480](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480>) \n[CVE-2015-0477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477>) \n[CVE-2015-0458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0458>) \n[CVE-2015-0459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0459>) \n[CVE-2015-0470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470>) \n[CVE-2015-0488](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488>) \n[CVE-2015-0486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0486>) \n[CVE-2015-0491](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0491>) \n[CVE-2015-0460](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460>)", "edition": 28, "reporter": "Kaspersky Lab", "published": "2015-04-14T00:00:00", "title": "\r KLA10548Multiple vulnerabilities in Oracle products ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "modified": "2018-12-04T00:00:00", "id": "KLA10548", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10548", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:11", "references": [], "edition": 1, "description": "## Vulnerability Description\nThe Jar utility provided with Java's JDK/SDK allows the extraction of files with names that traverse the directory structure of host system. This could be used to create a malicious Jar that will overwrite arbitrary files on the host system when it is extracted.\n## Technical Description\nIf a malicious jar file is created including a file with a name such as, ../../../../../<directory>/<filename>, when this jar is extracted, it will overwrite a file matching /<directory>/<filename>.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nThe Jar utility provided with Java's JDK/SDK allows the extraction of files with names that traverse the directory structure of host system. This could be used to create a malicious Jar that will overwrite arbitrary files on the host system when it is extracted.\n## References:\n[Secunia Advisory ID:14902](https://secuniaresearch.flexerasoftware.com/advisories/14902/)\nOther Advisory URL: http://www.securiteam.com/securitynews/5IP0C0AFGW.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0148.html\n[CVE-2005-1080](https://vulners.com/cve/CVE-2005-1080)\n", "reporter": "pluf(pluf@7a69ezine.org)", "published": "2005-04-11T09:43:08", "title": "Sun JDK / SDK Jar Handling Traversal Arbitrary File Overwrite", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "SDK", "version": "1.5.0", "operator": "eq"}, {"name": "SDK", "version": "1.4.2", "operator": "eq"}], "cvelist": ["CVE-2005-1080"], "modified": "2005-04-11T09:43:08", "href": "https://vulners.com/osvdb/OSVDB:15435", "id": "OSVDB:15435", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:16:00", "references": ["http://www.securiteam.com/securitynews/5IP0C0AFGW.html", "http://secunia.com/advisories/14902/", "http://marc.theaimsgroup.com/?l=bugtraq&m=111331593310508"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.1.0_1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "diablo-jdk", "operator": "le"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.4.2_2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-blackdown-jdk", "operator": "le"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.4.2_1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-ibm-jdk", "operator": "le"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.2.2p11_3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "jdk", "operator": "le"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-jdk", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "i386.1.5.0.07.00", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "diablo-jdk-freebsd6", "operator": "le"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.4.2.08_1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-sun-jdk", "operator": "le"}], "description": "\nPluf has discovered a vulnerability in Sun Java JDK/SDK,\n\t which potentially can be exploited by malicious people to\n\t compromise a user's system.\n\nThe jar tool does not check properly if the files to be\n\t extracted have the string \"../\" on its names, so it's\n\t possible for an attacker to create a malicious jar file in\n\t order to overwrite arbitrary files within the filesystem.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2005-04-11T00:00:00", "title": "jdk -- jar directory traversal vulnerability", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080"], "modified": "2006-09-12T00:00:00", "id": "18E5428F-AE7C-11D9-837D-000E0C2E438A", "href": "https://vuxml.freebsd.org/freebsd/18e5428f-ae7c-11d9-837d-000e0c2e438a.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "aix": [{"lastseen": "2018-08-31T00:08:35", "aixFileset": [{"productVersions": ["any"], "versionGte": "7.0.0.205", "fileset": "Java7.sdk", "versionLte": "7.0.0.205", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "7.0.0.205", "fileset": "Java7_64.sdk", "versionLte": "7.0.0.205", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "6.0.0.480", "fileset": "Java6.sdk", "versionLte": "6.0.0.480", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "7.1.0.85", "fileset": "Java71.sdk", "versionLte": "7.1.0.85", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "5.0.0.600", "fileset": "Java5_64.sdk", "versionLte": "5.0.0.600", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "6.0.0.480", "fileset": "Java6_64.sdk", "versionLte": "6.0.0.480", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "5.0.0.600", "fileset": "Java5.sdk", "versionLte": "5.0.0.600", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "7.1.0.85", "fileset": "Java71_64.sdk", "versionLte": "7.1.0.85", "productName": "aix"}], "references": [], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Wed Jun 3 12:58:42 CDT 2015 \n|Updated: Wed Jun 3 16:10:11 CDT 2015\n|Update: Corrected affected fileset levels \n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc\nhttps://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc\n\n \nSecurity Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX\n CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480\n CVE-2015-0486 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-2808\n CVE-2015-1916 CVE-2015-1914 CVE-2015-0192 CVE-2015-0204\n\n\n===============================================================================\n\nSUMMARY:\n\n There are multiple vulnerabilities in IBM SDK Java Technology Edition,\n Versions 5, 6, 7, 7.1 that are used by AIX. These issues were disclosed as\n part of the IBM Java SDK updates in April 2015.\n\n This bulletin also addresses FREAK: Factoring Attack on RSA-EXPORT keys'\n SSL/TLS vulnerability and RC4 Bar Mitzvah Attack for SSL/TLS vulnerability.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n\n CVE-2015-0204 was fixed in IBM SDK, Java Technology Edition under\n CVE-2015-0138. Both CVEs are included in this advisory for completeness. \n\n CVEID: CVE-2015-0491\n DESCRIPTION: An unspecified vulnerability related to the 2D component has\n complete confidentiality impact, complete integrity impact, and\n complete availability impact.\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102329 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n CVEID: CVE-2015-0459\n DESCRIPTION: An unspecified vulnerability related to the 2D component has\n complete confidentiality impact, complete integrity impact, and\n complete availability impact.\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102328 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n CVEID: CVE-2015-0469\n DESCRIPTION: An unspecified vulnerability related to the 2D component has\n complete confidentiality impact, complete integrity impact, and\n complete availability impact.\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102327 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n CVEID: CVE-2015-0458\n DESCRIPTION: An unspecified vulnerability related to the Deployment\n component has complete confidentiality impact, complete integrity\n impact, and complete availability impact.\n CVSS Base Score: 7.6\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102332 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n\n CVEID: CVE-2015-0480\n DESCRIPTION: A directory traversal vulnerability related to the Tools\n component and the extraction of JAR archive files could allow remote\n attacker to overwrite files on the system with privileges of another\n user.\n CVSS Base Score: 5.8\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102334 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P) \n\n CVEID: CVE-2015-0488\n DESCRIPTION: An unspecified vulnerability related to the JSSE component\n could allow a remote attacker to cause a denial of service.\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102336 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n CVEID: CVE-2015-0478\n DESCRIPTION: An unspecified vulnerability related to the JCE component\n could allow a remote attacker to obtain sensitive information.\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102339 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n CVEID: CVE-2015-0477\n DESCRIPTION: An unspecified vulnerability related to the Beans component\n has no confidentiality impact, partial integrity impact, and no\n availability impact.\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102337 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n\n CVEID: CVE-2015-0204\n DESCRIPTION: A vulnerability in the OpenSSL ssl3_get_key_exchange\n function could allow a remote attacker to downgrade the security of\n certain TLS connections. An OpenSSL client accepts the use of an RSA\n temporary key in a non-export RSA key exchange ciphersuite. This\n could allow a remote attacker using man-in-the-middle techniques to\n facilitate brute-force decryption of TLS/SSL traffic between\n vulnerable clients and servers. This vulnerability is also known as\n the FREAK attack.\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/99707 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n CVEID: CVE-2015-0192\n DESCRIPTION: A vulnerability in the IBM implementation of the Java\n Virtual Machine may, under limited circumstances, allow untrusted\n code running under a security manager to elevate its privileges.\n CVSS Base Score: 6.8\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/101008 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n\n CVEID: CVE-2015-0486\n DESCRIPTION: An unspecified vulnerability related to the Deployment\n component could allow a remote attacker to obtain sensitive\n information.\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102335 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n CVEID: CVE-2015-2808\n DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL\n protocol, could allow a remote attacker to obtain sensitive\n information. An attacker could exploit this vulnerability to remotely\n expose account credentials without requiring an active\n man-in-the-middle session. Successful exploitation could allow an\n attacker to retrieve credit card data or other sensitive information.\n This vulnerability is commonly referred to as \"Bar Mitzvah Attack\".\n CVSS Base Score: 5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/101851\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n CVEID: CVE-2015-1916\n DESCRIPTION: Server applications which use the IBM Java Secure Socket\n Extension provider to accept SSL/TLS connections are vulnerable to a\n denial of service attack due to an unspecified vulnerability.\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/101995 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n CVEID: CVE-2015-1914\n DESCRIPTION: A vulnerability in the IBM implementation of the Java Virtual\n Machine may allow untrusted code running under a security manager to\n bypass permission checks and view sensitive information.\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/101908 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n CVEID: CVE-2015-0138\n DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could\n allow a remote attacker to downgrade the security of certain SSL/TLS\n connections. An IBM SSL/TLS client implementation could accept the use\n of an RSA temporary key in a non-export RSA key exchange ciphersuite.\n This could allow a remote attacker using man-in-the-middle techniques\n to facilitate brute-force decryption of TLS/SSL traffic between\n vulnerable clients and servers. This vulnerability is also known as the\n FREAK attack.\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100691 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1\n VIOS 2.2.x\n\n The following fileset levels (VRMF) are vulnerable, if the \n respective Java version is installed:\n For Java5: Less than 5.0.0.600\n For Java6: Less than 6.0.0.480\n For Java7: Less than 7.0.0.205\n For Java7.1: Less than 7.1.0.85\n\n Note: to find out whether the affected Java filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i java\n\n\n REMEDIATION:\n \n IBM SDK, Java Technology Edition, Version 5.0 Service Refresh 16 \n Fix Pack 10 and subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=5.0.0.0&platform=AIX+32-bit,+pSeries&function=all\n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=5.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix \n Pack 4 and subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+32-bit,+pSeries&function=all\n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 and\n subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all \n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n IBM SDK, Java Technology Edition, Version 7.1 Service Refresh 3 and\n subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all\n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all \n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\nhttp://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2:\n http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n IBM Java SDK Security Bulletin: \n http://www-01.ibm.com/support/docview.wss?uid=swg21883640 \n\n\nACKNOWLEDGEMENTS:\n\n CVE-2015-1916 and CVE-2015-0138 were reported to IBM by Karthikeyan\n Bhargavan of the PROSECCO team at INRIA \n\n\nCHANGE HISTORY:\n\n First Issued: Wed Jun 3 12:58:42 CDT 2015 \n| Updated: Wed Jun 3 16:10:11 CDT 2015\n| Update: Corrected affected fileset levels\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n \n", "edition": 3, "reporter": "CentOS Project", "published": "2015-06-03T12:58:42", "title": "Multiple vulnerabilities in IBM Java SDK affect AIX", "type": "aix", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "aix": {"apars": []}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-1914", "CVE-2015-0459", "CVE-2015-2808", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-1916", "CVE-2015-0491"], "modified": "2015-06-03T16:10:11", "id": "JAVA_APRIL2015_ADVISORY.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:56:18", "_object_types": ["robots.models.base.Bulletin", "robots.models.threatpost.ThreatpostBulletin"], "references": ["https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf"], "description": "A number of TLS software implementations contain vulnerabilities that allow hackers with minimal computational expense to learn RSA keys.\n\nFlorian Weimer, a researcher with Red Hat, last week published a paper called \u201c[Factoring RSA Keys With TLS Perfect Forward Secrecy](<https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf>)\u201d that demonstrated vulnerabilities in a number of devices, including a popular Citrix load balancer and others from Hillstone Networks, Nortel, Viprinet and others.\n\nThe TLS implementations in these products, Weimer said, lack proper hardening to defend against what is known as the Lenstra attack against the Chinese Remainder Theorem, also known as RSA-CRT.\n\n\u201cIf a fault happened during the computation of a signature (using the RSA-CRT optimization), an attacker might be able to recover the private key from the signature (an \u201cRSA-CRT key leak\u201d). At the time, use of cryptography on the Internet was uncommon, and even ten years later, most TLS (or HTTPS) connections were immune to this problem by design because they did not use RSA signatures,\u201d Weimer wrote of the Lenstra attacks. \u201cThis changed gradually, when forward secrecy for TLS was recommended and introduced by many web sites.\u201d\n\nLenstra is described as a side-channel attack, and Weimer said that the RSA algorithm itself is safe against this attack and that the weakness is strictly in the various implementations that are not hardened.\n\n\u201cWe saw several RSA-CRT key leaks, where we should not have observed any at all,\u201d he wrote, adding that implementations in OpenSSL and NSS were hardened, for example, and that Oracle patched OpenJDK in CVE-2015-0478 after working with Weimer. All browser PKI certs where leaks were observed, have been replaced and revoked, he added.\n\nHackers can use this offline attack relatively inexpensively compared to other cryptographic attacks, he wrote. Grabbing a private crypto key, however, is extremely dangerous to the data and communication the TLS encryption is supposed to be protecting. An attacker, Weimer said, would already have to be on the network via a man-in-the-middle attack or server compromise to pull off this type of secondary attack and ultimately impersonate the server in question.\n\n\u201cEither the client making the TLS handshake can see this leak, or a passive observer capturing network traffic,\u201d Weimer wrote. \u201cThe key leak also enables decryption of connections which do not use forward secrecy, without the need for a man-in-the-middle attack.\u201d\n\nAttacks, meanwhile, are difficult to spot since they\u2019re conducted offline. An intrusion detection system, Weimer said, could spot a key leak if it is configured to check all TLS handshakes.\n\n\u201cFor the key leaks we have observed, we do not think there is a way for remote attackers to produce key leaks at will, in the sense that an attacker could manipulate the server over the network in such a way that the probability of a key leak in a particular TLS handshake increases,\u201d Weimer said. \u201cThe only thing the attacker can do is to capture as many handshakes as possible, perhaps by initiating many such handshakes themselves.\u201d\n\nForward secrecy is being implemented in many critical systems. With forward secrecy, a new crypto key is generated for every session, meaning that if a hacker is able to intercept many sessions, he would not be able to crack them all someday if he figured out one key\u2014just one session. Disabling forward secrecy, he said, is not a wise strategy.\n\n\u201cDisabling forward secrecy would enable passive observers of past key leaks to decrypt future TLS sessions, from passively captured network traffic, without having to redirect client connections,\u201d Weimer wrote. \u201cThis means that disabling forward secrecy generally makes things worse. (Disabling forward secrecy and replacing the server certificate with a new one would work, though.)\u201d\n", "reporter": "Michael Mimoso", "published": "2015-09-08T15:09:28", "type": "threatpost", "title": "Flawed TLS Implementations Leak RSA Keys", "enchantments": {"score": {"modified": "2018-10-06T22:56:18", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-0478"], "_object_type": "robots.models.threatpost.ThreatpostBulletin", "modified": "2015-09-08T19:09:28", "id": "THREATPOST:6DF81D6318A6432B7EBCD5493FE1717F", "href": "https://threatpost.com/tls-implementations-vulnerable-to-rsa-key-leaks/114567/", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:37", "references": ["https://vulners.com/securityvulns/securityvulns:doc:24110"], "description": "Directory traversal during file extraction.", "edition": 1, "reporter": "BUGTRAQ", "published": "2010-06-23T00:00:00", "title": "fastjar archiver directory traversal", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:37", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "FastJar", "version": "0.98", "operator": "eq"}], "cvelist": ["CVE-2010-0831", "CVE-2005-1080", "CVE-2006-3619"], "modified": "2010-06-23T00:00:00", "id": "SECURITYVULNS:VULN:10948", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10948", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:35", "references": [], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:122\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : fastjar\r\n Date : June 22, 2010\r\n Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in fastjar:\r\n \r\n Directory traversal vulnerability in the extract_jar function\r\n in jartool.c in FastJar 0.98 allows remote attackers to create\r\n or overwrite arbitrary files via a .. &#40;dot dot&#41; in a non-initial\r\n pathname component in a filename within a .jar archive, a related\r\n issue to CVE-2005-1080. NOTE: this vulnerability exists because of\r\n an incomplete fix for CVE-2006-3619 &#40;CVE-2010-0831&#41;.\r\n \r\n Packages for 2008.0 and 2009.0 are provided as of the Extended\r\n Maintenance Program. Please visit this link to learn more:\r\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0831\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 29cfbaec7e6255eb665bc78192b65bd4 2008.0/i586/fastjar-0.95-1.1mdv2008.0.i586.rpm \r\n 14db3823db1af8e68f5f5691ca360a4f 2008.0/SRPMS/fastjar-0.95-1.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n 6d30855f5164f15ada36fb6560d5e98d 2008.0/x86_64/fastjar-0.95-1.1mdv2008.0.x86_64.rpm \r\n 14db3823db1af8e68f5f5691ca360a4f 2008.0/SRPMS/fastjar-0.95-1.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n f77fefb84163a9c08ed43444464ca745 2009.0/i586/fastjar-0.95-3.1mdv2009.0.i586.rpm \r\n cb1a7db7aa0df9f9cf4fec3c2a2e76f8 2009.0/SRPMS/fastjar-0.95-3.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n a7ec5bded41e309a47f11e58b7ce4294 2009.0/x86_64/fastjar-0.95-3.1mdv2009.0.x86_64.rpm \r\n cb1a7db7aa0df9f9cf4fec3c2a2e76f8 2009.0/SRPMS/fastjar-0.95-3.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n c2df3e75f81444460e5bef18bc537a0d 2009.1/i586/fastjar-0.97-1.1mdv2009.1.i586.rpm \r\n ea0e50c4339801ef26b3731d381c43a8 2009.1/SRPMS/fastjar-0.97-1.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n acbc81b4f44458db7b3d4e4936f2243d 2009.1/x86_64/fastjar-0.97-1.1mdv2009.1.x86_64.rpm \r\n ea0e50c4339801ef26b3731d381c43a8 2009.1/SRPMS/fastjar-0.97-1.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 235889aecb0c352a7fa79a78db132635 2010.0/i586/fastjar-0.98-1.1mdv2010.0.i586.rpm \r\n 0319890b30ed72964f5061e8c668f868 2010.0/SRPMS/fastjar-0.98-1.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 8d57e00fa9a90d9f99a80fda6ca93be0 2010.0/x86_64/fastjar-0.98-1.1mdv2010.0.x86_64.rpm \r\n 0319890b30ed72964f5061e8c668f868 2010.0/SRPMS/fastjar-0.98-1.1mdv2010.0.src.rpm\r\n\r\n Corporate 4.0:\r\n 8ae0be32bc0c26d6a5b4b44b28a8be24 corporate/4.0/i586/gcc-4.0.1-5.4.20060mlcs4.i586.rpm\r\n 79f01b28da32b36221815ecb9c6b0800 corporate/4.0/i586/gcc-c++-4.0.1-5.4.20060mlcs4.i586.rpm\r\n 5d500cfca2c534a9c3dae5285b090921 \r\ncorporate/4.0/i586/gcc-colorgcc-4.0.1-5.4.20060mlcs4.i586.rpm\r\n 8a3db9618eee24158e715753ab85c87c corporate/4.0/i586/gcc-cpp-4.0.1-5.4.20060mlcs4.i586.rpm\r\n e38e095b4a82f6f34185404dd4e24f9d corporate/4.0/i586/gcc-doc-4.0.1-5.4.20060mlcs4.i586.rpm\r\n e29739a30fcf203f690809d4d5a1b7dc \r\ncorporate/4.0/i586/gcc-doc-pdf-4.0.1-5.4.20060mlcs4.i586.rpm\r\n a52b298e755784e350671213c048e347 \r\ncorporate/4.0/i586/gcc-gfortran-4.0.1-5.4.20060mlcs4.i586.rpm\r\n 739f22bac9eff8ff1ce925a35913ec4d corporate/4.0/i586/gcc-gnat-4.0.1-5.4.20060mlcs4.i586.rpm\r\n 5c6d85c2596ebe896599282d1246ac51 corporate/4.0/i586/gcc-java-4.0.1-5.4.20060mlcs4.i586.rpm\r\n c58741df491cbe7ec865aa8abfb223b8 corporate/4.0/i586/gcc-objc-4.0.1-5.4.20060mlcs4.i586.rpm\r\n b3b6f955e048d4c4484cb8abca5b024f \r\ncorporate/4.0/i586/gcj-tools-4.0.1-5.4.20060mlcs4.i586.rpm\r\n 7481fccd210e1b05ee680d3b82b1958f \r\ncorporate/4.0/i586/libffi4-devel-4.0.1-5.4.20060mlcs4.i586.rpm\r\n 6812a0c08289f467d9d7f87689193f50 corporate/4.0/i586/libgcc1-4.0.1-5.4.20060mlcs4.i586.rpm\r\n 71ec24cb023ea717a873caca52094de7 corporate/4.0/i586/libgcj6-4.0.1-5.4.20060mlcs4.i586.rpm\r\n cba3e17bf4a6bb4db07e81530e61bbfe \r\ncorporate/4.0/i586/libgcj6-base-4.0.1-5.4.20060mlcs4.i586.rpm\r\n 5d2ea3afb4f9ddb67702ccbf3eaf1dc8 \r\ncorporate/4.0/i586/libgcj6-devel-4.0.1-5.4.20060mlcs4.i586.rpm\r\n 90a2ddd64e638cebc99353e9ed1b9007 \r\ncorporate/4.0/i586/libgcj6-src-4.0.1-5.4.20060mlcs4.i586.rpm\r\n e560796ba713a55d72ef46d50dc064a0 \r\ncorporate/4.0/i586/libgcj6-static-devel-4.0.1-5.4.20060mlcs4.i586.rpm\r\n fcf35776137fe8b4f2bdd6105a887823 \r\ncorporate/4.0/i586/libgfortran0-4.0.1-5.4.20060mlcs4.i586.rpm\r\n ab1cd67788ae4b69544a101f36f5a706 corporate/4.0/i586/libgnat1-4.0.1-5.4.20060mlcs4.i586.rpm\r\n fecffb2b88e2695a3b88d8f804f020bb \r\ncorporate/4.0/i586/libmudflap0-4.0.1-5.4.20060mlcs4.i586.rpm\r\n 40307f8fa9f4e4ba74fd713279ebf76f \r\ncorporate/4.0/i586/libmudflap0-devel-4.0.1-5.4.20060mlcs4.i586.rpm\r\n c834d7ea558059c7c89e0b7d4aac2079 corporate/4.0/i586/libobjc1-4.0.1-5.4.20060mlcs4.i586.rpm\r\n c5120c50910e9008f2ae6723b5928caa \r\ncorporate/4.0/i586/libstdc++6-4.0.1-5.4.20060mlcs4.i586.rpm\r\n 1ca5368024a7bc2a84ab3ed7cd90553a \r\ncorporate/4.0/i586/libstdc++6-devel-4.0.1-5.4.20060mlcs4.i586.rpm\r\n 31bc41b0d17d3065f9987efcafb69dd6 \r\ncorporate/4.0/i586/libstdc++6-static-devel-4.0.1-5.4.20060mlcs4.i586.rpm \r\n f418034fdacecb6bc1b7726e56a447dc corporate/4.0/SRPMS/gcc-4.0.1-5.4.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 63bfefa0e490a6aa08967adc3a06f925 corporate/4.0/x86_64/gcc-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 49eb12c3c36742dc0cb559b5c750b190 \r\ncorporate/4.0/x86_64/gcc-c++-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n c6e9330378e6f1ec70a9354518c7db16 \r\ncorporate/4.0/x86_64/gcc-colorgcc-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 2f8c1cee7fc98bf8f10d543e4c415708 \r\ncorporate/4.0/x86_64/gcc-cpp-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 613fad43e7bb87461dd5bc68f8862038 \r\ncorporate/4.0/x86_64/gcc-doc-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 0bab884d8bdb58c5b3be5496dab428f6 \r\ncorporate/4.0/x86_64/gcc-doc-pdf-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n b69bfa9652946c2707475582c7406d18 \r\ncorporate/4.0/x86_64/gcc-gfortran-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 3f6774d2585a2349661c6fb31c84ab41 \r\ncorporate/4.0/x86_64/gcc-gnat-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 045915b26d3bb9add72f3dd1205418ca \r\ncorporate/4.0/x86_64/gcc-java-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n b3ca49d5474b61c30b8f5b6a9cbd3840 \r\ncorporate/4.0/x86_64/gcc-objc-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 6514bab1ccc69984b0320c301b39fb50 \r\ncorporate/4.0/x86_64/gcj-tools-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 3abd67ccf72a2bb6b288a6d633f1abf8 \r\ncorporate/4.0/x86_64/lib64gcj6-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 6f7387060f5450d9a4123471b46ee85c \r\ncorporate/4.0/x86_64/lib64gcj6-devel-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 291e1108c8649f3358f1a2e4fcc2951e \r\ncorporate/4.0/x86_64/lib64gcj6-static-devel-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 99c3f5dd17599103b36192949d8bef4d \r\ncorporate/4.0/x86_64/libffi4-devel-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n ee4e4b0d50d243eafb8ca330efb3fa76 \r\ncorporate/4.0/x86_64/libgcc1-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n ed3fab0bb728e81ef2f05712fed3170a \r\ncorporate/4.0/x86_64/libgcj6-base-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 334fbf494c48521e2d1e6fd25dc04060 \r\ncorporate/4.0/x86_64/libgcj6-src-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 5465686d44c49a4fdb66f12d86463b71 \r\ncorporate/4.0/x86_64/libgfortran0-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n f5a6f8f05eeba6756d0d95392ff2df1b \r\ncorporate/4.0/x86_64/libgnat1-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n f463eb6f69b9a8476339d12d955d3999 \r\ncorporate/4.0/x86_64/libmudflap0-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 571a27d904dc147513037de3d9750e5d \r\ncorporate/4.0/x86_64/libmudflap0-devel-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 5d79033dd3213df96acdbc780d8ff749 \r\ncorporate/4.0/x86_64/libobjc1-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n e3fc96bc5b4eb9eeae2abb434dc9cf32 \r\ncorporate/4.0/x86_64/libstdc++6-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 895909a6655f11d782c14a1c482a2851 \r\ncorporate/4.0/x86_64/libstdc++6-devel-4.0.1-5.4.20060mlcs4.x86_64.rpm\r\n 3148e7eb8d655ec4740d6bc3f2cef9b6 \r\ncorporate/4.0/x86_64/libstdc++6-static-devel-4.0.1-5.4.20060mlcs4.x86_64.rpm \r\n f418034fdacecb6bc1b7726e56a447dc corporate/4.0/SRPMS/gcc-4.0.1-5.4.20060mlcs4.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFMIPEwmqjQ0CJFipgRAuDjAKDSEoJK/Kmrg4O/B0EB8NPInQA7ogCaA7Pi\r\nJ/4rKW1+L0KT1gLT2im/2lU=\r\n=56uq\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2010-06-23T00:00:00", "title": "[ MDVSA-2010:122 ] fastjar", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:35", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-0831", "CVE-2005-1080", "CVE-2006-3619"], "modified": "2010-06-23T00:00:00", "id": "SECURITYVULNS:DOC:24110", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24110", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31921"], "description": "Over 90 different vulnerabilities are fixed in quarterly update.", "edition": 1, "reporter": "ORACLE", "published": "2015-04-17T00:00:00", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:00", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "iPlanet Web Proxy Server", "version": "4.0", "operator": "eq"}, {"name": "Oracle WebCenter Portal", "version": "11.1", "operator": "eq"}, {"name": "Java SE", "version": "8", "operator": "eq"}, {"name": "Fusion Middleware", "version": "11.1", "operator": "eq"}, {"name": "Hyperion Smart View for Office", "version": "11.1", "operator": "eq"}, {"name": "Oracle Retail Central Office", "version": "14.1", "operator": "eq"}, {"name": "OpenSSO", "version": "3.0", "operator": "eq"}, {"name": "Oracle", "version": "12.1", "operator": "eq"}, {"name": "iPlanet Web Server", "version": "7.0", "operator": "eq"}, {"name": "Outside In Technology", "version": "8.5", "operator": "eq"}, {"name": "Exalogic Infrastructure", "version": "2.0", "operator": "eq"}, {"name": "Siebel Applications", "version": "8.2", "operator": "eq"}, {"name": "Oracle VM Server for SPARC", "version": "3.2", "operator": "eq"}, {"name": "Oracle", "version": "11.2", "operator": "eq"}, {"name": "Oracle E-Business Suite", "version": "12.2", "operator": "eq"}, {"name": "Oracle Commerce Guided Search", "version": "11.1", "operator": "eq"}, {"name": "Oracle Transportation Management", "version": "6.3", "operator": "eq"}, {"name": "Oracle Retail Back Office", "version": "14.1", "operator": "eq"}, {"name": "Solaris", "version": "11.2", "operator": "eq"}, {"name": "Oracle E-Business Suite", "version": "11.5", "operator": "eq"}, {"name": "MySQL Enterprise Monitor", "version": "3.0", "operator": "eq"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "eq"}, {"name": "Oracle Commerce Platform", "version": "10.2", "operator": "eq"}, {"name": "Demand Planning", "version": "12.2", "operator": "eq"}, {"name": "Enterprise Manager Base Platform", "version": "12.1", "operator": "eq"}, {"name": "Oracle Knowledge", "version": "8.4", "operator": "eq"}, {"name": "WebLogic Server", "version": "12.1", "operator": "eq"}, {"name": "SQL Trace Analyzer", "version": "12.1", "operator": "eq"}, {"name": "GlassFish Server", "version": "2.1", "operator": "eq"}, {"name": "MySQL Connectors", "version": "5.1", "operator": "eq"}, {"name": "Java FX", "version": "2.2", "operator": "eq"}, {"name": "MySQL Server", "version": "5.6", "operator": "eq"}, {"name": "GlassFish Server", "version": "3.1", "operator": "eq"}, {"name": "Agile Engineering Data Management", "version": "6.1", "operator": "eq"}, {"name": "GoldenGate Monitor", "version": "11.1", "operator": "eq"}, {"name": "JD Edwards EnterpriseOne Technology", "version": "9.1", "operator": "eq"}, {"name": "MySQL Utilities", "version": "1.5", "operator": "eq"}, {"name": "Oracle Access Manager", "version": "11.1", "operator": "eq"}, {"name": "Oracle WebCenter Sites", "version": "11.1", "operator": "eq"}, {"name": "Oracle Argus Safety", "version": "8.0", "operator": "eq"}, {"name": "Solaris", "version": "10", "operator": "eq"}, {"name": "Cisco MDS Fiber Channel Switch", "version": "6.2", "operator": "eq"}, {"name": "PeopleSoft Enterprise Portal Interaction Hub", "version": "9.1", "operator": "eq"}, {"name": "JRockit", "version": "28.3", "operator": "eq"}, {"name": "iPlanet Web Server", "version": "6.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise SCM Strategic Sourcing", "version": "9.2", "operator": "eq"}], "cvelist": ["CVE-2015-2576", "CVE-2015-0489", "CVE-2015-0466", "CVE-2015-0473", "CVE-2015-0455", "CVE-2015-0484", "CVE-2014-3566", "CVE-2015-0504", "CVE-2015-0482", "CVE-2015-0235", "CVE-2015-0493", "CVE-2015-0463", "CVE-2015-2579", "CVE-2015-0474", "CVE-2015-0492", "CVE-2014-7809", "CVE-2015-0495", "CVE-2015-0440", "CVE-2015-2567", "CVE-2015-0502", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-2568", "CVE-2015-0506", "CVE-2015-2575", "CVE-2015-0447", "CVE-2014-3571", "CVE-2015-0476", "CVE-2015-0511", "CVE-2015-0458", "CVE-2015-0483", "CVE-2015-0487", "CVE-2015-0453", "CVE-2015-2572", "CVE-2015-0490", "CVE-2015-2574", "CVE-2015-0510", "CVE-2015-0497", "CVE-2015-0501", "CVE-2015-0450", "CVE-2015-0439", "CVE-2015-0448", "CVE-2015-0472", "CVE-2015-0462", "CVE-2015-0459", "CVE-2015-0507", "CVE-2015-2571", "CVE-2015-0475", "CVE-2015-2570", "CVE-2015-0509", "CVE-2015-0494", "CVE-2015-0461", "CVE-2015-0503", "CVE-2015-0449", "CVE-2014-0050", "CVE-2015-0500", "CVE-2015-0405", "CVE-2013-4286", "CVE-2015-0451", "CVE-2015-2577", "CVE-2014-1568", "CVE-2015-0478", "CVE-2015-2565", "CVE-2015-0496", "CVE-2015-0204", "CVE-2015-2578", "CVE-2015-2566", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0471", "CVE-2015-0423", "CVE-2015-0498", "CVE-2015-0438", "CVE-2015-0480", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-0486", "CVE-2015-0452", "CVE-2014-0112", "CVE-2015-0508", "CVE-2015-0457", "CVE-2015-0505", "CVE-2015-0465", "CVE-2015-0479", "CVE-2015-2573", "CVE-2015-0485", "CVE-2014-3569", "CVE-2015-0464", "CVE-2015-0491", "CVE-2015-0456", "CVE-2013-4545"], "modified": "2015-04-17T00:00:00", "id": "SECURITYVULNS:VULN:14393", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14393", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "atlassian": [{"lastseen": "2018-10-11T12:11:10", "references": [], "description": "The version of Java we bundle with Confluence is badly out of date, and well behind the security baseline Oracle defines (see http://www.oracle.com/technetwork/java/javase/7u80-relnotes-2494162.html for example, which says we should be running update 79 for security fixes, and update 80 for subsequent bugfixes).\r\n\r\nThe April 2015 blog post for the latest update lists multiple security issues affecting server code, several exploitable over the network, and 3 that are severity 10.0 (their highest rating). They do not provide any details for us to know what these vulnerabilities are, aside from their CVE IDs. See https://blogs.oracle.com/security/entry/april_2015_critical_patch_update for all the details we have, and watch https://access.redhat.com/security/cve/CVE-2015-0491 https://access.redhat.com/security/cve/CVE-2015-0459 and https://access.redhat.com/security/cve/CVE-2015-0469 for publication.\r\n\r\nWe need to update the bundled version of the JRE to at least 1.7.0_79.\r\n\r\nIn versions of Confluence where we've dropped support for any JRE other than the one we bundle, we need to do this update as a matter of urgency.", "edition": 6, "reporter": "richatkins", "published": "2015-04-16T06:32:43", "title": "Multiple vulnerabilites in Java 1.7.0_15", "type": "atlassian", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Confluence Server", "version": "5.3.4", "operator": "le"}, {"name": "Confluence Server", "version": "5.7.4", "operator": "lt"}, {"name": "Confluence Server", "version": "5.5.7", "operator": "le"}, {"name": "Confluence Server", "version": "5.2.5", "operator": "le"}, {"name": "Confluence Server", "version": "5.6.6", "operator": "le"}, {"name": "Confluence Server", "version": "5.0.3", "operator": "le"}, {"name": "Confluence Server", "version": "5.4.4", "operator": "le"}, {"name": "Confluence Server", "version": "5.1.5", "operator": "le"}, {"name": "Confluence Server", "version": "5.7.3", "operator": "le"}], "cvelist": ["CVE-2015-0469", "CVE-2015-0459", "CVE-2015-0491"], "modified": "2018-10-11T08:37:46", "id": "ATLASSIAN:CONFSERVER-37240", "href": "https://jira.atlassian.com/browse/CONFSERVER-37240", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-03-22T18:16:54", "references": [], "edition": 1, "description": "The version of Java we bundle with Confluence is badly out of date, and well behind the security baseline Oracle defines (see http://www.oracle.com/technetwork/java/javase/7u80-relnotes-2494162.html for example, which says we should be running update 79 for security fixes, and update 80 for subsequent bugfixes).\r\n\r\nThe April 2015 blog post for the latest update lists multiple security issues affecting server code, several exploitable over the network, and 3 that are severity 10.0 (their highest rating). They do not provide any details for us to know what these vulnerabilities are, aside from their CVE IDs. See https://blogs.oracle.com/security/entry/april_2015_critical_patch_update for all the details we have, and watch https://access.redhat.com/security/cve/CVE-2015-0491 https://access.redhat.com/security/cve/CVE-2015-0459 and https://access.redhat.com/security/cve/CVE-2015-0469 for publication.\r\n\r\nWe need to update the bundled version of the JRE to at least 1.7.0_79.\r\n\r\nIn versions of Confluence where we've dropped support for any JRE other than the one we bundle, we need to do this update as a matter of urgency.", "reporter": "richatkins", "published": "2015-04-16T06:32:43", "title": "Multiple vulnerabilites in Java 1.7.0_15", "type": "atlassian", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [{"name": "Confluence", "version": "5.5.7", "operator": "le"}, {"name": "Confluence", "version": "5.1.5", "operator": "le"}, {"name": "Confluence", "version": "5.7.4", "operator": "lt"}, {"name": "Confluence", "version": "5.0.3", "operator": "le"}, {"name": "Confluence", "version": "5.2.5", "operator": "le"}, {"name": "Confluence", "version": "5.6.6", "operator": "le"}, {"name": "Confluence", "version": "5.4.4", "operator": "le"}, {"name": "Confluence", "version": "5.7.3", "operator": "le"}, {"name": "Confluence", "version": "5.3.4", "operator": "le"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-0469", "CVE-2015-0459", "CVE-2015-0491"], "modified": "2017-02-17T04:28:40", "id": "ATLASSIAN:CONF-37240", "href": "https://jira.atlassian.com/browse/CONF-37240", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:05", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0491", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0484", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2619", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2664", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4729", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0477", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0488", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2627", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916", "https://bugs.gentoo.org/show_bug.cgi?id=572432", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2638", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0459", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2637", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842", "https://bugs.gentoo.org/show_bug.cgi?id=563684", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590", "https://bugs.gentoo.org/show_bug.cgi?id=525472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2659", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0460", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621", "https://bugs.gentoo.org/show_bug.cgi?id=546678", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0492", "https://bugs.gentoo.org/show_bug.cgi?id=540054", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0458", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4736", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0480", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0486", "https://bugs.gentoo.org/show_bug.cgi?id=554886"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.8.0.72", "packageFilename": "UNKNOWN", "packageName": "dev-java/oracle-jdk-bin", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.8.0.72", "packageFilename": "UNKNOWN", "packageName": "dev-java/oracle-jre-bin", "arch": "all", "operator": "lt"}], "description": "### Background\n\nJava Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today\u2019s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today\u2019s applications require. \n\n### Description\n\nMultiple vulnerabilities exist in both Oracle\u2019s JRE and JDK. Please review the referenced CVE\u2019s for additional information. \n\n### Impact\n\nRemote attackers could gain access to information, remotely execute arbitrary code, and cause Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JRE Users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jre-bin-1.8.0.72\"\n \n\nAll Oracle JDK Users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jdk-bin-1.8.0.72\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2016-03-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-0484", "CVE-2015-2627", "CVE-2015-2601", "CVE-2015-4729", "CVE-2015-0492", "CVE-2015-2632", "CVE-2015-2625", "CVE-2015-2664", "CVE-2015-4732", "CVE-2015-4860", "CVE-2015-4868", "CVE-2015-4903", "CVE-2015-0477", "CVE-2015-4906", "CVE-2015-0469", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4872", "CVE-2015-7840", "CVE-2015-2613", "CVE-2015-4883", "CVE-2015-0458", "CVE-2015-4736", "CVE-2015-4882", "CVE-2015-4734", "CVE-2015-0459", "CVE-2015-4871", "CVE-2015-4803", "CVE-2015-4902", "CVE-2015-2590", "CVE-2015-4805", "CVE-2015-4806", "CVE-2015-2628", "CVE-2015-4810", "CVE-2015-4908", "CVE-2015-4733", "CVE-2015-0478", "CVE-2015-4901", "CVE-2015-4835", "CVE-2015-2637", "CVE-2015-2621", "CVE-2015-2638", "CVE-2015-0460", "CVE-2015-2619", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-4731", "CVE-2015-2659", "CVE-2015-0480", "CVE-2015-4911", "CVE-2015-4844", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4748", "CVE-2015-0486", "CVE-2015-4893", "CVE-2015-4916", "CVE-2015-0437", "CVE-2015-0491", "CVE-2015-4760"], "modified": "2016-03-12T00:00:00", "id": "GLSA-201603-11", "href": "https://security.gentoo.org/glsa/201603-11", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2018-08-31T04:14:01", "references": [], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 98 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "edition": 3, "reporter": "Oracle", "published": "2015-04-14T00:00:00", "title": "Oracle Critical Patch Update - April 2015", "type": "oracle", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Oracle WebCenter Sites", "version": "7.6.2", "operator": "le"}, {"name": "JD Edwards EnterpriseOne Technology", "version": "9.1", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.5.1", "operator": "le"}, {"name": "Oracle VM Server for SPARC", "version": "3.2", "operator": "le"}, {"name": "XDB - XML Database", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle WebCenter Sites", "version": "11.1.1.8.0", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.3", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.0", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.1", "operator": "le"}, {"name": "Oracle OpenSSO", "version": "3.0", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "12.0", "operator": "le"}, {"name": "Java VM", "version": "11.2.0.3", "operator": "le"}, {"name": "Java VM", "version": "11.2.0.4", "operator": "le"}, {"name": "Java VM", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.4", "operator": "le"}, {"name": "XDK and XDB - XML Database", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle Installed Base", "version": "12.1.3", "operator": "le"}, {"name": "MySQL Enterprise Monitor", "version": "3.0.10", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "14.1", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle Installed Base", "version": "12.0.6", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "2.1.1", "operator": "le"}, {"name": "Oracle Hyperion BI+", "version": "11.1.2.3", "operator": "le"}, {"name": "Cisco MDS Fiber Channel Switch", "version": "5.2", "operator": "le"}, {"name": "Java SE, JavaFX", "version": "7u76", "operator": "le"}, {"name": "Oracle Exalogic Infrastructure", "version": "2.x", "operator": "le"}, {"name": "Oracle RDBMS", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "12.0IN", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.6", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.2", "operator": "le"}, {"name": "Java SE, JRockit", "version": "5.0u81", "operator": "le"}, {"name": "Enterprise Manager Base Platform", "version": "12.1.0.6", "operator": "le"}, {"name": "Oracle Demand Planning", "version": "12.0", "operator": "le"}, {"name": "Oracle GoldenGate Monitor", "version": "11.1.2.1.0", "operator": "le"}, {"name": "Oracle iPlanet Web Proxy Server", "version": "4.0", "operator": "le"}, {"name": "Java SE, JavaFX", "version": "6u91", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "13.3", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "14.0", "operator": "le"}, {"name": "XDB - XML Database", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Commerce Platform", "version": "10.2", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.1", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.5", "operator": "le"}, {"name": "Java SE, JRockit", "version": "28.3.5", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.3.0", "operator": "le"}, {"name": "Oracle Demand Planning", "version": "12.2", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "le"}, {"name": "Siebel UI Framework", "version": "8.2", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "14.1", "operator": "le"}, {"name": "Java VM", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Health Sciences Argus Safety", "version": "8.0", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM Strategic Sourcing", "version": "9.1", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.2.3", "operator": "le"}, {"name": "XDK and XDB - XML Database", "version": "12.1.0.1", "operator": "le"}, {"name": "Application Management Pack for Oracle E-Business Suite", "version": "121020", "operator": "le"}, {"name": "Java SE", "version": "5.0u81", "operator": "le"}, {"name": "Java SE, JRockit", "version": "6u91", "operator": "le"}, {"name": "SQL Trace Analyzer", "version": "12.1.11", "operator": "le"}, {"name": "Oracle RDBMS", "version": "12.1.0.1", "operator": "le"}, {"name": "Solaris", "version": "10", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.1.3", "operator": "le"}, {"name": "MySQL Utilities", "version": "1.5.1", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "11.5.10.2", "operator": "le"}, {"name": "Application Management Pack for Oracle E-Business Suite", "version": "121030", "operator": "le"}, {"name": "Oracle Hyperion Smart View for Office", "version": "11.1.2.5.216", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.2.4", "operator": "le"}, {"name": "Java SE, JRockit", "version": "8u40", "operator": "le"}, {"name": "Java SE", "version": "7u76", "operator": "le"}, {"name": "Oracle Commerce Platform", "version": "9.4", "operator": "le"}, {"name": "Oracle Installed Base", "version": "12.1.1", "operator": "le"}, {"name": "MySQL Enterprise Monitor", "version": "3.0.18", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.23", "operator": "le"}, {"name": "Oracle Exalogic Infrastructure", "version": "1.x", "operator": "le"}, {"name": "MySQL Enterprise Monitor", "version": "2.3.16", "operator": "le"}, {"name": "Siebel UI Framework", "version": "8.1", "operator": "le"}, {"name": "Oracle WebCenter Sites", "version": "11.1.1.6.1", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "13.4", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "13.2", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.1.0", "operator": "le"}, {"name": "Oracle Knowledge", "version": "8.2.3.10.1", "operator": "le"}, {"name": "Oracle VM Server for SPARC", "version": "3.1", "operator": "le"}, {"name": "Solaris", "version": "11.2", "operator": "le"}, {"name": "Java SE", "version": "8u40", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.3", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM Strategic Sourcing", "version": "9.2", "operator": "le"}, {"name": "Cisco MDS Fiber Channel Switch", "version": "6.2", "operator": "le"}, {"name": "Oracle Installed Base", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle WebCenter Portal", "version": "11.1.1.8.0", "operator": "le"}, {"name": "Oracle Demand Planning", "version": "12.1", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.2.0.4", "operator": "le"}, {"name": "Java SE, JavaFX", "version": "8u40", "operator": "le"}, {"name": "XDB - XML Database", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle iPlanet Web Server", "version": "6.1", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.5.0", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.4.1", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.42", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.2.0", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.1.5", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.53", "operator": "le"}, {"name": "Oracle Installed Base", "version": "12.0.4", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.22", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "14.0", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Knowledge", "version": "8.4.7.2", "operator": "le"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.1.3.0", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "13.1", "operator": "le"}, {"name": "MySQL Connectors", "version": "5.1.34", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.6.0", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.0.1", "operator": "le"}, {"name": "XDB - XML Database", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.1", "operator": "le"}, {"name": "Java SE", "version": "6u91", "operator": "le"}, {"name": "Java SE, JavaFX", "version": "2.2.76", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.0", "operator": "le"}, {"name": "Enterprise Manager Base Platform", "version": "12.1.0.5", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.2", "operator": "le"}, {"name": "Oracle iPlanet Web Server", "version": "7.0", "operator": "le"}, {"name": "Java SE, JavaFX", "version": "5.0u81", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Demand Planning", "version": "11.5.10", "operator": "le"}, {"name": "MySQL Enterprise Monitor", "version": "2.3.19", "operator": "le"}, {"name": "XDK and XDB - XML Database", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Installed Base", "version": "12.1.2", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.41", "operator": "le"}, {"name": "Oracle Commerce Platform", "version": "10.0", "operator": "le"}, {"name": "Java VM", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Commerce Guided Search / Oracle Commerce Experience Manager", "version": "3.x", "operator": "le"}, {"name": "Oracle Commerce Guided Search / Oracle Commerce Experience Manager", "version": "11.x", "operator": "le"}, {"name": "Java SE, JRockit", "version": "7u76", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.1.2", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.4", "operator": "le"}, {"name": "PeopleSoft Enterprise Portal Interaction Hub", "version": "9.1.00", "operator": "le"}, {"name": "Oracle Hyperion BI+", "version": "11.1.2.2", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.2", "operator": "le"}], "cvelist": ["CVE-2015-2576", "CVE-2015-0489", "CVE-2015-0466", "CVE-2015-0473", "CVE-2015-0455", "CVE-2015-0484", "CVE-2014-3566", "CVE-2015-0504", "CVE-2015-0482", "CVE-2015-0235", "CVE-2015-0493", "CVE-2015-0463", "CVE-2015-2579", "CVE-2015-0474", "CVE-2015-0492", "CVE-2014-7809", "CVE-2015-0495", "CVE-2015-0440", "CVE-2015-2567", "CVE-2014-3572", "CVE-2015-0206", "CVE-2015-0502", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-2568", "CVE-2015-0506", "CVE-2015-2575", "CVE-2015-0447", "CVE-2014-3571", "CVE-2015-0476", "CVE-2015-0511", "CVE-2015-0458", "CVE-2015-0483", "CVE-2014-0116", "CVE-2015-0487", "CVE-2015-0453", "CVE-2015-2572", "CVE-2015-0490", "CVE-2015-2574", "CVE-2015-0510", "CVE-2015-0497", "CVE-2015-0501", "CVE-2015-0450", "CVE-2015-0439", "CVE-2015-0448", "CVE-2015-0472", "CVE-2015-0462", "CVE-2015-0459", "CVE-2015-0507", "CVE-2015-2571", "CVE-2015-0475", "CVE-2014-8275", "CVE-2015-2570", "CVE-2014-3570", "CVE-2015-0509", "CVE-2015-0494", "CVE-2015-0461", "CVE-2015-0503", "CVE-2015-0449", "CVE-2014-0050", "CVE-2015-0500", "CVE-2015-0405", "CVE-2013-4286", "CVE-2015-0451", "CVE-2015-2577", "CVE-2014-1568", "CVE-2015-0478", "CVE-2015-2565", "CVE-2015-0496", "CVE-2015-0204", "CVE-2014-0094", "CVE-2015-2578", "CVE-2015-2566", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0471", "CVE-2015-0423", "CVE-2015-0498", "CVE-2014-0113", "CVE-2015-0438", "CVE-2015-0480", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-0486", "CVE-2015-0452", "CVE-2014-0112", "CVE-2015-0508", "CVE-2015-0457", "CVE-2015-0505", "CVE-2015-0465", "CVE-2015-0479", "CVE-2015-2573", "CVE-2015-0205", "CVE-2015-0485", "CVE-2014-3569", "CVE-2015-0464", "CVE-2015-0491", "CVE-2015-0456", "CVE-2013-4545"], "modified": "2015-05-20T00:00:00", "id": "ORACLE:CPUAPR2015-2365600", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}