{"id": "REDHAT-RHSA-2013-1447.NASL", "bulletinFamily": "scanner", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "published": "2013-10-22T00:00:00", "modified": "2018-09-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "reporter": "Tenable", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "type": "nessus", "lastseen": "2018-09-12T10:09:24", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"], "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 5, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "383fc42d572c6c9c906b5bcae57af5fcad3aea112670ae13e80addbadb3132f5", "hashmap": [{"hash": "118382c03abaa3b485dbe4bb05d7fce0", "key": "references"}, {"hash": "c7edc6c61a927ed317ac130b51fac2d6", "key": "cpe"}, {"hash": "7c03779312ffcb90b2c1d0c697a916c4", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bbd32ee296cd9916b85e8a3a2785f280", "key": "cvelist"}, {"hash": "6b88e9e1569a7e403c2a9fd24de5e45b", "key": "href"}, {"hash": "f4263cb7ab9b83d87b6d91af466e0d19", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5202b03f701d8ce3aa7ec293f5085c0c", "key": "sourceData"}, {"hash": "5b253987191eeddaec27a34011982132", "key": "published"}, {"hash": "4fbd848df540aebf66e3dacc295ede8d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "0f53e31ba1befcd78a8de722fd263e97", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "id": "REDHAT-RHSA-2013-1447.NASL", "lastseen": "2018-08-30T19:52:32", "modified": "2018-07-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "70536", "published": "2013-10-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:52:32"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 2, "enchantments": {}, "hash": "5b3dcfcb47278006b5e4e04f590469299592621a01fdd79c2058f6a3856bc0dd", "hashmap": [{"hash": "118382c03abaa3b485dbe4bb05d7fce0", "key": "references"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bbd32ee296cd9916b85e8a3a2785f280", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6b88e9e1569a7e403c2a9fd24de5e45b", "key": "href"}, {"hash": "f4263cb7ab9b83d87b6d91af466e0d19", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5b253987191eeddaec27a34011982132", "key": "published"}, {"hash": "4fbd848df540aebf66e3dacc295ede8d", "key": "title"}, {"hash": "aa68929fd1eb36b57f2e26cc3d07d7d9", "key": "sourceData"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "0f53e31ba1befcd78a8de722fd263e97", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "id": "REDHAT-RHSA-2013-1447.NASL", "lastseen": "2017-01-06T02:16:22", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "70536", "published": "2013-10-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:29:44 $\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_osvdb_id(95418, 98524, 98525, 98526, 98531, 98532, 98535, 98536, 98544, 98546, 98548, 98549, 98550, 98551, 98552, 98558, 98559, 98560, 98562, 98563, 98564, 98565, 98566, 98567, 98568, 98569, 98571, 98572, 98573);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "type": "nessus", "viewCount": 3}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2017-01-06T02:16:22"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"], "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 3, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "841d520eaeee2f51a935586ddec10d890b9f44e2d0a5e99cef671ac558db689f", "hashmap": [{"hash": "118382c03abaa3b485dbe4bb05d7fce0", "key": "references"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "c7edc6c61a927ed317ac130b51fac2d6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bbd32ee296cd9916b85e8a3a2785f280", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6b88e9e1569a7e403c2a9fd24de5e45b", "key": "href"}, {"hash": "f4263cb7ab9b83d87b6d91af466e0d19", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5b253987191eeddaec27a34011982132", "key": "published"}, {"hash": "4fbd848df540aebf66e3dacc295ede8d", "key": "title"}, {"hash": "aa68929fd1eb36b57f2e26cc3d07d7d9", "key": "sourceData"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "0f53e31ba1befcd78a8de722fd263e97", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "id": "REDHAT-RHSA-2013-1447.NASL", "lastseen": "2017-10-29T13:42:53", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "70536", "published": "2013-10-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:29:44 $\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_osvdb_id(95418, 98524, 98525, 98526, 98531, 98532, 98535, 98536, 98544, 98546, 98548, 98549, 98550, 98551, 98552, 98558, 98559, 98560, 98562, 98563, 98564, 98565, 98566, 98567, 98568, 98569, 98571, 98572, 98573);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "type": "nessus", "viewCount": 3}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-29T13:42:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"], "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 6, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "b6dc56bc13dc97a53156f35371e1d7596f85d2adb38ae60cb508455318a45763", "hashmap": [{"hash": "118382c03abaa3b485dbe4bb05d7fce0", "key": "references"}, {"hash": "c7edc6c61a927ed317ac130b51fac2d6", "key": "cpe"}, {"hash": "7c03779312ffcb90b2c1d0c697a916c4", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bbd32ee296cd9916b85e8a3a2785f280", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6b88e9e1569a7e403c2a9fd24de5e45b", "key": "href"}, {"hash": "f4263cb7ab9b83d87b6d91af466e0d19", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5202b03f701d8ce3aa7ec293f5085c0c", "key": "sourceData"}, {"hash": "5b253987191eeddaec27a34011982132", "key": "published"}, {"hash": "4fbd848df540aebf66e3dacc295ede8d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "0f53e31ba1befcd78a8de722fd263e97", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "id": "REDHAT-RHSA-2013-1447.NASL", "lastseen": "2018-09-02T00:01:38", "modified": "2018-07-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "70536", "published": "2013-10-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "type": "nessus", "viewCount": 3}, "differentElements": ["modified", "sourceData"], "edition": 6, "lastseen": "2018-09-02T00:01:38"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"], "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 4, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "b6dc56bc13dc97a53156f35371e1d7596f85d2adb38ae60cb508455318a45763", "hashmap": [{"hash": "118382c03abaa3b485dbe4bb05d7fce0", "key": "references"}, {"hash": "c7edc6c61a927ed317ac130b51fac2d6", "key": "cpe"}, {"hash": "7c03779312ffcb90b2c1d0c697a916c4", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bbd32ee296cd9916b85e8a3a2785f280", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6b88e9e1569a7e403c2a9fd24de5e45b", "key": "href"}, {"hash": "f4263cb7ab9b83d87b6d91af466e0d19", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5202b03f701d8ce3aa7ec293f5085c0c", "key": "sourceData"}, {"hash": "5b253987191eeddaec27a34011982132", "key": "published"}, {"hash": "4fbd848df540aebf66e3dacc295ede8d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "0f53e31ba1befcd78a8de722fd263e97", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "id": "REDHAT-RHSA-2013-1447.NASL", "lastseen": "2018-07-30T14:14:25", "modified": "2018-07-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "70536", "published": "2013-10-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-07-30T14:14:25"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 1, "hash": "bd8b6ab6b60671faf9f83178d8501a4e0d31ed501e1a3d729dae72146bd34d09", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "118382c03abaa3b485dbe4bb05d7fce0", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bbd32ee296cd9916b85e8a3a2785f280", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6b88e9e1569a7e403c2a9fd24de5e45b", "key": "href"}, {"hash": "f4263cb7ab9b83d87b6d91af466e0d19", "key": "description"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5b253987191eeddaec27a34011982132", "key": "published"}, {"hash": "4fbd848df540aebf66e3dacc295ede8d", "key": "title"}, {"hash": "98f00858001a0dd10fbd90da55b4ee8c", "key": "modified"}, {"hash": "a8d17209fbdcb219e541d75f87424838", "key": "sourceData"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "0f53e31ba1befcd78a8de722fd263e97", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "id": "REDHAT-RHSA-2013-1447.NASL", "lastseen": "2016-09-26T17:25:55", "modified": "2014-11-08T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "70536", "published": "2013-10-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2014/11/08 02:22:00 $\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_osvdb_id(95418, 98524, 98525, 98526, 98531, 98532, 98535, 98536, 98544, 98546, 98548, 98549, 98550, 98551, 98552, 98558, 98559, 98560, 98562, 98563, 98564, 98565, 98566, 98567, 98568, 98569, 98571, 98572, 98573);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n}\n", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:25:55"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "c7edc6c61a927ed317ac130b51fac2d6"}, {"key": "cvelist", "hash": "bbd32ee296cd9916b85e8a3a2785f280"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "f4263cb7ab9b83d87b6d91af466e0d19"}, {"key": "href", "hash": "6b88e9e1569a7e403c2a9fd24de5e45b"}, {"key": "modified", "hash": "7f86b488cde79959076c92cafc9748f6"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "pluginID", "hash": "0f53e31ba1befcd78a8de722fd263e97"}, {"key": "published", "hash": "5b253987191eeddaec27a34011982132"}, {"key": "references", "hash": "118382c03abaa3b485dbe4bb05d7fce0"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "a9c3b1413d5261efd840acf539752673"}, {"key": "title", "hash": "4fbd848df540aebf66e3dacc295ede8d"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "701c3e6065ed514f713539cabaabaf8516346ad209225359398807c59023c148", "viewCount": 4, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "vulnersScore": 9.3}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/09/10 11:37:05\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "70536", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"]}

{"nessus": [{"lastseen": "2018-09-02T00:02:50", "references": [], "pluginID": "71037", "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797, CVE-2013-5820)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2013-11-22T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2033-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-08-03T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2033-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71037", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2033-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71037);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/08/03 12:21:24\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63115, 63118, 63120, 63121, 63128, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"USN\", value:\"2033-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2033-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit\nthese to expose sensitive data over the network. (CVE-2013-3829,\nCVE-2013-5783, CVE-2013-5804)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial of\nservice. (CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ndata integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784,\nCVE-2013-5797, CVE-2013-5820)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure. An attacker could exploit these to expose\nsensitive data over the network. (CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5790, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive\ndata over the network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809,\nCVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830,\nCVE-2013-5842, CVE-2013-5850).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b27-1.12.6-1ubuntu0.10.04.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b27-1.12.6-1ubuntu0.10.04.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b27-1.12.6-1ubuntu0.10.04.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b27-1.12.6-1ubuntu0.10.04.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b27-1.12.6-1ubuntu0.10.04.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b27-1.12.6-1ubuntu0.12.04.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b27-1.12.6-1ubuntu0.12.04.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b27-1.12.6-1ubuntu0.12.04.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b27-1.12.6-1ubuntu0.12.04.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b27-1.12.6-1ubuntu0.12.04.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b27-1.12.6-1ubuntu0.12.04.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea-6-jre-jamvm / openjdk-6-jre / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:38", "references": ["http://support.novell.com/security/cve/CVE-2013-5842.html", "http://support.novell.com/security/cve/CVE-2013-5803.html", "http://support.novell.com/security/cve/CVE-2013-5809.html", "http://support.novell.com/security/cve/CVE-2013-5774.html", "http://support.novell.com/security/cve/CVE-2013-5830.html", "http://support.novell.com/security/cve/CVE-2013-5802.html", "http://support.novell.com/security/cve/CVE-2013-5825.html", "http://support.novell.com/security/cve/CVE-2013-5850.html", "http://support.novell.com/security/cve/CVE-2013-5797.html", "http://support.novell.com/security/cve/CVE-2013-5784.html", "http://support.novell.com/security/cve/CVE-2013-3829.html", "http://support.novell.com/security/cve/CVE-2013-5782.html", "http://support.novell.com/security/cve/CVE-2013-5814.html", "http://support.novell.com/security/cve/CVE-2013-5823.html", "http://support.novell.com/security/cve/CVE-2013-5817.html", "http://support.novell.com/security/cve/CVE-2013-5780.html", "http://support.novell.com/security/cve/CVE-2013-5772.html", "http://support.novell.com/security/cve/CVE-2013-5804.html", "http://support.novell.com/security/cve/CVE-2013-5790.html", "http://support.novell.com/security/cve/CVE-2013-5851.html", "http://support.novell.com/security/cve/CVE-2013-5829.html", "http://support.novell.com/security/cve/CVE-2013-5849.html", "http://support.novell.com/security/cve/CVE-2013-5820.html", "http://support.novell.com/security/cve/CVE-2013-4002.html", "http://support.novell.com/security/cve/CVE-2013-5783.html", "https://bugzilla.novell.com/show_bug.cgi?id=852367", "http://support.novell.com/security/cve/CVE-2013-5840.html", "http://support.novell.com/security/cve/CVE-2013-5778.html"], "pluginID": "71171", "description": "OpenJDK 1.6 was updated to the new Icedtea release 1.12.7, which includes many fixes for bugs and security issues :\n\n - S8006900, CVE-2013-3829: Add new date/time capability\n\n - S8008589: Better MBean permission validation\n\n - S8011071, CVE-2013-5780: Better crypto provider handling\n\n - S8011081, CVE-2013-5772: Improve jhat\n\n - S8011157, CVE-2013-5814: Improve CORBA portablility\n\n - S8012071, CVE-2013-5790: Better Building of Beans\n\n - S8012147: Improve tool support\n\n - S8012277: CVE-2013-5849: Improve AWT DataFlavor\n\n - S8012425, CVE-2013-5802: Transform TransformerFactory\n\n - S8013503, CVE-2013-5851: Improve stream factories\n\n - S8013506: Better Pack200 data handling\n\n - S8013510, CVE-2013-5809: Augment image writing code\n\n - S8013514: Improve stability of cmap class\n\n - S8013739, CVE-2013-5817: Better LDAP resource management\n\n - S8013744, CVE-2013-5783: Better tabling for AWT\n\n - S8014085: Better serialization support in JMX classes\n\n - S8014093, CVE-2013-5782: Improve parsing of images\n\n - S8014102, CVE-2013-5778: Improve image conversion\n\n - S8014341, CVE-2013-5803: Better service from Kerberos servers\n\n - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations\n\n - S8014530, CVE-2013-5825: Better digital signature processing\n\n - S8014534: Better profiling support\n\n - S8014987, CVE-2013-5842: Augment serialization handling\n\n - S8015614: Update build settings\n\n - S8015731: Subject java.security.auth.subject to improvements\n\n - S8015743, CVE-2013-5774: Address internet addresses\n\n - S8016256: Make finalization final\n\n - S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names\n\n - S8016675, CVE-2013-5797: Make Javadoc pages more robust\n\n - S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately\n\n - S8017287, CVE-2013-5829: Better resource disposal\n\n - S8017291, CVE-2013-5830: Cast Proxies Aside\n\n - S8017298, CVE-2013-4002: Better XML support\n\n - S8017300, CVE-2013-5784: Improve Interface Implementation\n\n - S8017505, CVE-2013-5820: Better Client Service\n\n - S8019292: Better Attribute Value Exceptions\n\n - S8019617: Better view of objects\n\n - S8020293: JVM crash\n\n - S8021290, CVE-2013-5823: Better signature validation\n\n - S8022940: Enhance CORBA translations\n\n - S8023683: Enhance class file parsing", "edition": 4, "reporter": "Tenable", "published": "2013-12-03T00:00:00", "title": "SuSE 11.2 Security Update : OpenJDK 1.6 (SAT Patch Number 8598)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-12-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo"], "id": "SUSE_11_JAVA-1_6_0-OPENJDK-131129.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71171", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71171);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2013/12/03 12:13:22 $\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n\n script_name(english:\"SuSE 11.2 Security Update : OpenJDK 1.6 (SAT Patch Number 8598)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenJDK 1.6 was updated to the new Icedtea release 1.12.7, which\nincludes many fixes for bugs and security issues :\n\n - S8006900, CVE-2013-3829: Add new date/time capability\n\n - S8008589: Better MBean permission validation\n\n - S8011071, CVE-2013-5780: Better crypto provider handling\n\n - S8011081, CVE-2013-5772: Improve jhat\n\n - S8011157, CVE-2013-5814: Improve CORBA portablility\n\n - S8012071, CVE-2013-5790: Better Building of Beans\n\n - S8012147: Improve tool support\n\n - S8012277: CVE-2013-5849: Improve AWT DataFlavor\n\n - S8012425, CVE-2013-5802: Transform TransformerFactory\n\n - S8013503, CVE-2013-5851: Improve stream factories\n\n - S8013506: Better Pack200 data handling\n\n - S8013510, CVE-2013-5809: Augment image writing code\n\n - S8013514: Improve stability of cmap class\n\n - S8013739, CVE-2013-5817: Better LDAP resource management\n\n - S8013744, CVE-2013-5783: Better tabling for AWT\n\n - S8014085: Better serialization support in JMX classes\n\n - S8014093, CVE-2013-5782: Improve parsing of images\n\n - S8014102, CVE-2013-5778: Improve image conversion\n\n - S8014341, CVE-2013-5803: Better service from Kerberos\n servers\n\n - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass\n problematic in some class loader configurations\n\n - S8014530, CVE-2013-5825: Better digital signature\n processing\n\n - S8014534: Better profiling support\n\n - S8014987, CVE-2013-5842: Augment serialization handling\n\n - S8015614: Update build settings\n\n - S8015731: Subject java.security.auth.subject to\n improvements\n\n - S8015743, CVE-2013-5774: Address internet addresses\n\n - S8016256: Make finalization final\n\n - S8016653, CVE-2013-5804: javadoc should ignore\n ignoreable characters in names\n\n - S8016675, CVE-2013-5797: Make Javadoc pages more robust\n\n - S8017196, CVE-2013-5850: Ensure Proxies are handled\n appropriately\n\n - S8017287, CVE-2013-5829: Better resource disposal\n\n - S8017291, CVE-2013-5830: Cast Proxies Aside\n\n - S8017298, CVE-2013-4002: Better XML support\n\n - S8017300, CVE-2013-5784: Improve Interface\n Implementation\n\n - S8017505, CVE-2013-5820: Better Client Service\n\n - S8019292: Better Attribute Value Exceptions\n\n - S8019617: Better view of objects\n\n - S8020293: JVM crash\n\n - S8021290, CVE-2013-5823: Better signature validation\n\n - S8022940: Enhance CORBA translations\n\n - S8023683: Enhance class file parsing\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8598.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-1.6.0.0_b27.1.12.7-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.7-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.7-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-1.6.0.0_b27.1.12.7-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.7-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.7-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:36", "references": ["http://www.nessus.org/u?82869089"], "pluginID": "70772", "description": "Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross- site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2013-11-06T00:00:00", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-06T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20131105_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70772", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70772);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2013/11/06 11:46:49 $\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components\nin OpenJDK. An untrusted Java application or applet could use these\nflaws to bypass certain Java sandbox restrictions. (CVE-2013-3829,\nCVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross- site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1311&L=scientific-linux-errata&T=0&P=458\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82869089\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:42:16", "references": ["https://alas.aws.amazon.com/ALAS-2013-246.html"], "pluginID": "70908", "description": "Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829 , CVE-2013-5814 , CVE-2013-5817 , CVE-2013-5842 , CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825 , CVE-2013-4002 , CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-3829 , CVE-2013-5840 , CVE-2013-5774 , CVE-2013-5783 , CVE-2013-5820 , CVE-2013-5849 , CVE-2013-5790 , CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804 , CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)", "edition": 5, "reporter": "Tenable", "published": "2013-11-14T00:00:00", "title": "Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-246)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo"], "id": "ALA_ALAS-2013-246.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70908", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-246.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70908);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_xref(name:\"ALAS\", value:\"2013-246\");\n script_xref(name:\"RHSA\", value:\"2013:1505\");\n\n script_name(english:\"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829 , CVE-2013-5814 , CVE-2013-5817 ,\nCVE-2013-5842 , CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825 ,\nCVE-2013-4002 , CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components\nin OpenJDK. An untrusted Java application or applet could use these\nflaws to bypass certain Java sandbox restrictions. (CVE-2013-3829 ,\nCVE-2013-5840 , CVE-2013-5774 , CVE-2013-5783 , CVE-2013-5820 ,\nCVE-2013-5849 , CVE-2013-5790 , CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804 , CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-246.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.6.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-65.1.11.14.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-65.1.11.14.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-65.1.11.14.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-65.1.11.14.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-65.1.11.14.57.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:10:17", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-November/003790.html", "https://oss.oracle.com/pipermail/el-errata/2013-November/003789.html"], "pluginID": "70770", "description": "From Red Hat Security Advisory 2013:1505 :\n\nUpdated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-11-06T00:00:00", "title": "Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1505)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc"], "id": "ORACLELINUX_ELSA-2013-1505.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70770", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1505 and \n# Oracle Linux Security Advisory ELSA-2013-1505 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70770);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_xref(name:\"RHSA\", value:\"2013:1505\");\n\n script_name(english:\"Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1505)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1505 :\n\nUpdated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components\nin OpenJDK. An untrusted Java application or applet could use these\nflaws to bypass certain Java sandbox restrictions. (CVE-2013-3829,\nCVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-November/003789.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-November/003790.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.0.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-12T10:05:15", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "http://rhn.redhat.com/errata/RHSA-2013-1505.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "pluginID": "70771", "description": "Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2013-11-06T00:00:00", "title": "RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:1505)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-09-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2013-1505.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70771", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1505. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70771);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/09/10 11:37:06\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_xref(name:\"RHSA\", value:\"2013:1505\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:1505)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components\nin OpenJDK. An untrusted Java application or applet could use these\nflaws to bypass certain Java sandbox restrictions. (CVE-2013-3829,\nCVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1505.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1505\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:33:35", "references": ["http://www.nessus.org/u?8c37ce9a", "http://www.nessus.org/u?870f6522"], "pluginID": "70769", "description": "Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-11-06T00:00:00", "title": "CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:1505)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-07-02T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2013-1505.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70769", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1505 and \n# CentOS Errata and Security Advisory 2013:1505 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70769);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/02 18:48:53\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_xref(name:\"RHSA\", value:\"2013:1505\");\n\n script_name(english:\"CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:1505)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components\nin OpenJDK. An untrusted Java application or applet could use these\nflaws to bypass certain Java sandbox restrictions. (CVE-2013-3829,\nCVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2013-November/020016.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?870f6522\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2013-November/020019.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c37ce9a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-12T09:52:58", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "http://rhn.redhat.com/errata/RHSA-2013-1451.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "pluginID": "70554", "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 6, "reporter": "Tenable", "published": "2013-10-23T00:00:00", "title": "RHEL 6 : java-1.7.0-openjdk (RHSA-2013:1451)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-09-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"], "id": "REDHAT-RHSA-2013-1451.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70554", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1451. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70554);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/09/10 11:37:05\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"RHSA\", value:\"2013:1451\");\n\n script_name(english:\"RHEL 6 : java-1.7.0-openjdk (RHSA-2013:1451)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1451.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1451\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:09:24", "references": ["https://alas.aws.amazon.com/ALAS-2013-235.html"], "pluginID": "70897", "description": "Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829 , CVE-2013-5814 , CVE-2013-5817 , CVE-2013-5842 , CVE-2013-5850 , CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825 , CVE-2013-4002 , CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829 , CVE-2013-5840 , CVE-2013-5774 , CVE-2013-5783 , CVE-2013-5820 , CVE-2013-5851 , CVE-2013-5800 , CVE-2013-5849 , CVE-2013-5790 , CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804 , CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)", "edition": 5, "reporter": "Tenable", "published": "2013-11-14T00:00:00", "title": "Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-235)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.7.0-openjdk", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2013-235.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-235.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70897);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_xref(name:\"ALAS\", value:\"2013-235\");\n script_xref(name:\"RHSA\", value:\"2013:1451\");\n\n script_name(english:\"Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-235)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829 , CVE-2013-5814 , CVE-2013-5817 ,\nCVE-2013-5842 , CVE-2013-5850 , CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825 ,\nCVE-2013-4002 , CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829 , CVE-2013-5840 , CVE-2013-5774 , CVE-2013-5783 ,\nCVE-2013-5820 , CVE-2013-5851 , CVE-2013-5800 , CVE-2013-5849 ,\nCVE-2013-5790 , CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804 , CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-235.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.7.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.32.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:10:23", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-October/003751.html"], "pluginID": "70535", "description": "From Red Hat Security Advisory 2013:1447 :\n\nUpdated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-10-22T00:00:00", "title": "Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2013-1447)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk"], "id": "ORACLELINUX_ELSA-2013-1447.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70535", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1447 and \n# Oracle Linux Security Advisory ELSA-2013-1447 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70535);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2013-1447)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1447 :\n\nUpdated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-October/003751.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.0.1.el5_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:56:56", "references": ["2033-1", "http://www.ubuntu.com/usn/usn-2033-1/"], "pluginID": "1361412562310841636", "description": "Check for the Version of openjdk-6", "edition": 5, "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "published": "2013-11-26T00:00:00", "title": "Ubuntu Update for openjdk-6 USN-2033-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310841636", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841636", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2033_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for openjdk-6 USN-2033-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841636\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-26 11:26:48 +0530 (Tue, 26 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-5783\", \"CVE-2013-5804\", \"CVE-2013-4002\",\n \"CVE-2013-5803\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5772\",\n \"CVE-2013-5774\", \"CVE-2013-5784\", \"CVE-2013-5797\", \"CVE-2013-5820\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5790\", \"CVE-2013-5840\",\n \"CVE-2013-5849\", \"CVE-2013-5851\", \"CVE-2013-5782\", \"CVE-2013-5802\",\n \"CVE-2013-5809\", \"CVE-2013-5829\", \"CVE-2013-5814\", \"CVE-2013-5817\",\n \"CVE-2013-5830\", \"CVE-2013-5842\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for openjdk-6 USN-2033-1\");\n\n\n script_tag(name:\"affected\", value:\"openjdk-6 on Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in the OpenJDK JRE\nrelated to information disclosure and data integrity. An attacker could\nexploit these to expose sensitive data over the network. (CVE-2013-3829,\nCVE-2013-5783, CVE-2013-5804)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial of service.\n(CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797,\nCVE-2013-5820)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure. An attacker could exploit these to expose sensitive\ndata over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790,\nCVE-2013-5840, CVE-2013-5849, CVE-2013-5851)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker could\nexploit these to cause a denial of service or expose sensitive data over\nthe network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2033-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2033-1/\");\n script_tag(name:\"summary\", value:\"Check for the Version of openjdk-6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|10\\.04 LTS)\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:57:47", "references": ["2013:1505-01", "https://www.redhat.com/archives/rhsa-announce/2013-November/msg00001.html"], "pluginID": "1361412562310871062", "description": "Check for the Version of java-1.6.0-openjdk", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-11-08T00:00:00", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310871062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871062", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871062\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:38:16 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\",\n \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\",\n \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\",\n \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\",\n \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\",\n \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01\");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1505-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00001.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:51:49", "references": ["2013:1505", "http://lists.centos.org/pipermail/centos-announce/2013-November/020019.html"], "pluginID": "881819", "description": "Check for the Version of java", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-11-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "CentOS Update for java CESA-2013:1505 centos6 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881819", "id": "OPENVAS:881819", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:1505 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881819);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:44:42 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\",\n \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\",\n \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\",\n \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\",\n \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\",\n \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:1505 centos6 \");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasie ... \n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1505\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-November/020019.html\");\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:09:32", "references": ["2013:1505-01", "https://www.redhat.com/archives/rhsa-announce/2013-November/msg00001.html"], "pluginID": "871062", "description": "Check for the Version of java-1.6.0-openjdk", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-11-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-01-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871062", "id": "OPENVAS:871062", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871062);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:38:16 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\",\n \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\",\n \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\",\n \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\",\n \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\",\n \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01\");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1505-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00001.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:56:17", "references": ["2013:1505", "http://lists.centos.org/pipermail/centos-announce/2013-November/020016.html"], "pluginID": "1361412562310881822", "description": "Check for the Version of java", "edition": 4, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-11-08T00:00:00", "title": "CentOS Update for java CESA-2013:1505 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881822", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:1505 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881822\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:49:01 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\",\n \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\",\n \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\",\n \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\",\n \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\",\n \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:1505 centos5 \");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasie ... \n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1505\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-November/020016.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T14:33:31", "references": ["https://alas.aws.amazon.com/ALAS-2013-246.html"], "pluginID": "1361412562310120121", "description": "Amazon Linux Local Security Checks", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: alas-2013-246", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120121", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120121", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2013-246.nasl 6577 2017-07-06 13:43:46Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120121\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:55 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2013-246\");\n script_tag(name:\"insight\", value:\"Multiple flaws were discovered in OpenJDK. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update java-1.6.0-openjdk to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-246.html\");\n script_cve_id(\"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5849\", \"CVE-2013-5797\", \"CVE-2013-5809\", \"CVE-2013-5842\", \"CVE-2013-5850\", \"CVE-2013-5790\", \"CVE-2013-5780\", \"CVE-2013-5783\", \"CVE-2013-3829\", \"CVE-2013-5782\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5804\", \"CVE-2013-5778\", \"CVE-2013-5829\", \"CVE-2013-4002\", \"CVE-2013-5784\", \"CVE-2013-5820\", \"CVE-2013-5840\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5830\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~65.1.11.14.57.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~65.1.11.14.57.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~65.1.11.14.57.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~65.1.11.14.57.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~65.1.11.14.57.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~65.1.11.14.57.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:41", "references": ["http://linux.oracle.com/errata/ELSA-2013-1505.html"], "pluginID": "1361412562310123534", "description": "Oracle Linux Local Security Checks ELSA-2013-1505", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2013-1505", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123534", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123534", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1505.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123534\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:05:11 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1505\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1505 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1505\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1505.html\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:51:33", "references": ["2013:1505", "http://lists.centos.org/pipermail/centos-announce/2013-November/020016.html"], "pluginID": "881822", "description": "Check for the Version of java", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-11-08T00:00:00", "title": "CentOS Update for java CESA-2013:1505 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881822", "id": "OPENVAS:881822", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:1505 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881822);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:49:01 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\",\n \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\",\n \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\",\n \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\",\n \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\",\n \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:1505 centos5 \");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasie ... \n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1505\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-November/020016.html\");\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:10:03", "references": ["2033-1", "http://www.ubuntu.com/usn/usn-2033-1/"], "pluginID": "841636", "description": "Check for the Version of openjdk-6", "edition": 4, "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "published": "2013-11-26T00:00:00", "title": "Ubuntu Update for openjdk-6 USN-2033-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-01-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841636", "id": "OPENVAS:841636", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2033_1.nasl 8526 2018-01-25 06:57:37Z teissa $\n#\n# Ubuntu Update for openjdk-6 USN-2033-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841636);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-26 11:26:48 +0530 (Tue, 26 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-5783\", \"CVE-2013-5804\", \"CVE-2013-4002\",\n \"CVE-2013-5803\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5772\",\n \"CVE-2013-5774\", \"CVE-2013-5784\", \"CVE-2013-5797\", \"CVE-2013-5820\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5790\", \"CVE-2013-5840\",\n \"CVE-2013-5849\", \"CVE-2013-5851\", \"CVE-2013-5782\", \"CVE-2013-5802\",\n \"CVE-2013-5809\", \"CVE-2013-5829\", \"CVE-2013-5814\", \"CVE-2013-5817\",\n \"CVE-2013-5830\", \"CVE-2013-5842\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for openjdk-6 USN-2033-1\");\n\n tag_insight = \"Several vulnerabilities were discovered in the OpenJDK JRE\nrelated to information disclosure and data integrity. An attacker could\nexploit these to expose sensitive data over the network. (CVE-2013-3829,\nCVE-2013-5783, CVE-2013-5804)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial of service.\n(CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797,\nCVE-2013-5820)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure. An attacker could exploit these to expose sensitive\ndata over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790,\nCVE-2013-5840, CVE-2013-5849, CVE-2013-5851)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker could\nexploit these to cause a denial of service or expose sensitive data over\nthe network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850)\";\n\n tag_affected = \"openjdk-6 on Ubuntu 12.04 LTS ,\n Ubuntu 10.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2033-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2033-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of openjdk-6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:55:58", "references": ["2013:1505", "http://lists.centos.org/pipermail/centos-announce/2013-November/020019.html"], "pluginID": "1361412562310881819", "description": "Check for the Version of java", "edition": 4, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-11-08T00:00:00", "title": "CentOS Update for java CESA-2013:1505 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881819", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881819", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:1505 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881819\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:44:42 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\",\n \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\",\n \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\",\n \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\",\n \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\",\n \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:1505 centos6 \");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasie ... \n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1505\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-November/020019.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:52", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5783", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5849", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5804", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5784", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5780", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5850", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5820", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5823", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5829", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5802", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5842", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-3829", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5803", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5814", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-4002", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5790", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5840", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5825", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5772", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5817", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5830", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5797", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5778", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5782", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5774", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5851", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5809"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.6-1ubuntu0.10.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.6-1ubuntu0.10.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.6-1ubuntu0.10.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.6-1ubuntu0.12.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.6-1ubuntu0.10.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.6-1ubuntu0.12.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.6-1ubuntu0.12.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.6-1ubuntu0.12.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.6-1ubuntu0.12.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.6-1ubuntu0.12.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.6-1ubuntu0.10.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}], "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797, CVE-2013-5820)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850)", "edition": 3, "reporter": "Ubuntu", "published": "2013-11-21T00:00:00", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-21T00:00:00", "id": "USN-2033-1", "href": "https://usn.ubuntu.com/2033-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:26", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5783", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5849", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5878", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5804", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0373", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5784", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5800", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5780", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5850", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5820", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5823", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5884", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5829", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5802", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5842", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-3829", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5806", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5803", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0416", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5893", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5896", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5814", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-4002", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0368", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5790", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0428", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0423", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5910", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5840", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0376", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5825", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5772", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5817", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5805", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5830", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0408", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5797", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5778", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5782", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0411", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5774", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0422", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5907", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5851", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5809"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "7u51-2.4.4-0ubuntu0.13.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.04", "packageVersion": "7u51-2.4.4-0ubuntu0.13.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.04", "packageVersion": "7u51-2.4.4-0ubuntu0.13.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u51-2.4.4-0ubuntu0.12.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "7u51-2.4.4-0ubuntu0.13.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u51-2.4.4-0ubuntu0.12.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "7u51-2.4.4-0ubuntu0.13.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "7u51-2.4.4-0ubuntu0.13.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "7u51-2.4.4-0ubuntu0.13.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u51-2.4.4-0ubuntu0.12.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.04", "packageVersion": "7u51-2.4.4-0ubuntu0.13.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u51-2.4.4-0ubuntu0.12.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u51-2.4.4-0ubuntu0.12.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.04", "packageVersion": "7u51-2.4.4-0ubuntu0.13.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.04", "packageVersion": "7u51-2.4.4-0ubuntu0.13.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u51-2.4.4-0ubuntu0.12.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-lib", "operator": "lt"}], "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804, CVE-2014-0411)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825, CVE-2013-5896, CVE-2013-5910)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797, CVE-2013-5820, CVE-2014-0376, CVE-2014-0416)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790, CVE-2013-5800, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851, CVE-2013-5884, CVE-2014-0368)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850, CVE-2013-5878, CVE-2013-5893, CVE-2013-5907, CVE-2014-0373, CVE-2014-0408, CVE-2014-0422, CVE-2014-0428)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to expose sensitive data over the network or cause a denial of service. (CVE-2014-0423)", "edition": 3, "reporter": "Ubuntu", "published": "2014-01-23T00:00:00", "title": "OpenJDK 7 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5878", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5884", "CVE-2013-5893", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2014-0373", "CVE-2013-5806", "CVE-2013-5805", "CVE-2014-0408", "CVE-2013-5825", "CVE-2014-0376", "CVE-2014-0422", "CVE-2014-0411", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5896", "CVE-2013-5780", "CVE-2013-5910", "CVE-2014-0428", "CVE-2013-5814", "CVE-2014-0368", "CVE-2014-0423", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5907", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2014-0416", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2014-01-23T00:00:00", "id": "USN-2089-1", "href": "https://usn.ubuntu.com/2089-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:12", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1505.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "any", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "any", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:1505\n\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-November/020016.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-November/020019.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1505.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-11-05T20:45:16", "title": "java security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-05T21:41:40", "href": "http://lists.centos.org/pipermail/centos-announce/2013-November/020016.html", "id": "CESA-2013:1505", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:31", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1447.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-demo", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10.src.rpm", "packageName": "java-1.7.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-src", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:1447\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850,\nCVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-October/019980.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1447.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-10-22T07:41:01", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "java security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-10-22T07:41:01", "href": "http://lists.centos.org/pipermail/centos-announce/2013-October/019980.html", "id": "CESA-2013:1447", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:08", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1451.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "any", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "noarch", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.el6_4.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "noarch", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.el6_4.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:1451\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850,\nCVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-October/019985.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1451.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-10-23T11:04:05", "title": "java security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-10-23T11:04:05", "href": "http://lists.centos.org/pipermail/centos-announce/2013-October/019985.html", "id": "CESA-2013:1451", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:55", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1319.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "any", "packageName": "xerces-j2", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2-javadoc-xni", "packageFilename": "xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2-javadoc-impl", "packageFilename": "xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2-javadoc-other", "packageFilename": "xerces-j2-javadoc-other-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "noarch", "packageName": "xerces-j2-javadoc", "packageFilename": "xerces-j2-javadoc-2.11.0-17.el7_0.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "noarch", "packageName": "xerces-j2", "packageFilename": "xerces-j2-2.11.0-17.el7_0.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2-scripts", "packageFilename": "xerces-j2-scripts-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2-javadoc-impl", "packageFilename": "xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2-demo", "packageFilename": "xerces-j2-demo-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2-javadoc-apis", "packageFilename": "xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2-javadoc-apis", "packageFilename": "xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "any", "packageName": "xerces-j2", "packageFilename": "xerces-j2-2.11.0-17.el7_0.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2-demo", "packageFilename": "xerces-j2-demo-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2-scripts", "packageFilename": "xerces-j2-scripts-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "noarch", "packageName": "xerces-j2-demo", "packageFilename": "xerces-j2-demo-2.11.0-17.el7_0.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2-javadoc-xni", "packageFilename": "xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2-javadoc-other", "packageFilename": "xerces-j2-javadoc-other-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:1319\n\n\nApache Xerces for Java (Xerces-J) is a high performance, standards\ncompliant, validating XML parser written in Java. The xerces-j2 packages\nprovide Xerces-J version 2.\n\nA resource consumption issue was found in the way Xerces-J handled XML\ndeclarations. A remote attacker could use an XML document with a specially\ncrafted declaration using a long pseudo-attribute name that, when parsed by\nan application using Xerces-J, would cause that application to use an\nexcessive amount of CPU. (CVE-2013-4002)\n\nAll xerces-j2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Applications using the\nXerces-J must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-September/020603.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-September/020605.html\n\n**Affected packages:**\nxerces-j2\nxerces-j2-demo\nxerces-j2-javadoc\nxerces-j2-javadoc-apis\nxerces-j2-javadoc-impl\nxerces-j2-javadoc-other\nxerces-j2-javadoc-xni\nxerces-j2-scripts\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1319.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-09-30T10:18:46", "title": "xerces security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4002"], "modified": "2014-09-30T10:59:34", "href": "http://lists.centos.org/pipermail/centos-announce/2014-September/020603.html", "id": "CESA-2014:1319", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-06-06T18:05:39", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "src", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "src", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}], "description": "The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-11-05T05:00:00", "type": "redhat", "title": "(RHSA-2013:1505) Important: java-1.6.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4002", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5849", "CVE-2013-5850"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:34", "id": "RHSA-2013:1505", "href": "https://access.redhat.com/errata/RHSA-2013:1505", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:20:27", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850,\nCVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-10-21T04:00:00", "type": "redhat", "title": "(RHSA-2013:1447) Important: java-1.7.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4002", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:47:39", "id": "RHSA-2013:1447", "href": "https://access.redhat.com/errata/RHSA-2013:1447", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-06T18:05:23", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "src", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "noarch", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.el6_4.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm", "operator": "lt"}], "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850,\nCVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-10-22T04:00:00", "type": "redhat", "title": "(RHSA-2013:1451) Critical: java-1.7.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4002", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:06", "id": "RHSA-2013:1451", "href": "https://access.redhat.com/errata/RHSA-2013:1451", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-12T23:59:35", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.5.0-ibm-plugin", "packageFilename": "java-1.5.0-ibm-plugin-1.5.0.16.4-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.5.0-ibm-accessibility", "packageFilename": "java-1.5.0-ibm-accessibility-1.5.0.16.4-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.5.0-ibm-plugin", "packageFilename": "java-1.5.0-ibm-plugin-1.5.0.16.4-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.5.0-ibm-accessibility", "packageFilename": "java-1.5.0-ibm-accessibility-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.5.0-ibm-plugin", "packageFilename": "java-1.5.0-ibm-plugin-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.5.0-ibm-accessibility", "packageFilename": "java-1.5.0-ibm-accessibility-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "ppc", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "ppc", "packageName": "java-1.5.0-ibm-plugin", "packageFilename": "java-1.5.0-ibm-plugin-1.5.0.16.4-1jpp.1.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "ppc", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.5.0-ibm-accessibility", "packageFilename": "java-1.5.0-ibm-accessibility-1.5.0.16.4-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "s390", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "s390", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.16.4-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}], "description": "IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-3829, CVE-2013-4041,\nCVE-2013-5372, CVE-2013-5375, CVE-2013-5774, CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5782, CVE-2013-5783, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801,\nCVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5814,\nCVE-2013-5817, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5840,\nCVE-2013-5842, CVE-2013-5843, CVE-2013-5849)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16-FP4 release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2013-11-07T05:00:00", "type": "redhat", "title": "(RHSA-2013:1509) Important: java-1.5.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4041", "CVE-2013-5372", "CVE-2013-5375", "CVE-2013-5774", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5849"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:37", "id": "RHSA-2013:1509", "href": "https://access.redhat.com/errata/RHSA-2013:1509", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-13T00:00:17", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.7.0-ibm-plugin", "packageFilename": "java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.7.0-ibm-plugin", "packageFilename": "java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.7.0-ibm-plugin", "packageFilename": "java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.7.0-ibm-plugin", "packageFilename": "java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-ibm-plugin", "packageFilename": "java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.7.0-ibm-demo", "packageFilename": "java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.7.0-ibm-jdbc", "packageFilename": "java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.7.0-ibm-src", "packageFilename": "java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.6.0-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.7.0-ibm-devel", "packageFilename": "java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}], "description": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-3829, CVE-2013-4041,\nCVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457, CVE-2013-5458,\nCVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788,\nCVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801,\nCVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820,\nCVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,\nCVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR6 release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-11-07T05:00:00", "type": "redhat", "title": "(RHSA-2013:1507) Critical: java-1.7.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4041", "CVE-2013-5372", "CVE-2013-5375", "CVE-2013-5456", "CVE-2013-5457", "CVE-2013-5458", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5776", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5788", "CVE-2013-5789", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:36", "id": "RHSA-2013:1507", "href": "https://access.redhat.com/errata/RHSA-2013:1507", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-07T05:58:49", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-1jpp.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-oracle-devel", "packageFilename": "java-1.7.0-oracle-devel-1.7.0.45-1jpp.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-1jpp.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-oracle-plugin", "packageFilename": "java-1.7.0-oracle-plugin-1.7.0.45-1jpp.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-1jpp.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-oracle-src", "packageFilename": "java-1.7.0-oracle-src-1.7.0.45-1jpp.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-1jpp.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-oracle", "packageFilename": "java-1.7.0-oracle-1.7.0.45-1jpp.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-1jpp.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-oracle-javafx", "packageFilename": "java-1.7.0-oracle-javafx-1.7.0.45-1jpp.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-1jpp.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-oracle-jdbc", "packageFilename": "java-1.7.0-oracle-jdbc-1.7.0.45-1jpp.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-1jpp.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-oracle-javafx", "packageFilename": "java-1.7.0-oracle-javafx-1.7.0.45-1jpp.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-1jpp.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-oracle-plugin", "packageFilename": "java-1.7.0-oracle-plugin-1.7.0.45-1jpp.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-1jpp.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-oracle", "packageFilename": "java-1.7.0-oracle-1.7.0.45-1jpp.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-1jpp.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-oracle-devel", "packageFilename": "java-1.7.0-oracle-devel-1.7.0.45-1jpp.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-1jpp.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-oracle-jdbc", "packageFilename": "java-1.7.0-oracle-jdbc-1.7.0.45-1jpp.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-1jpp.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-oracle-src", "packageFilename": "java-1.7.0-oracle-src-1.7.0.45-1jpp.2.el6_4.x86_64.rpm", "operator": "lt"}], "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775,\nCVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782,\nCVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789,\nCVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802,\nCVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820,\nCVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,\nCVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848, CVE-2013-5849,\nCVE-2013-5850, CVE-2013-5851, CVE-2013-5852, CVE-2013-5854)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 45 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.\n", "reporter": "RedHat", "published": "2013-10-17T04:00:00", "type": "redhat", "title": "(RHSA-2013:1440) Critical: java-1.7.0-oracle security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4002", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5775", "CVE-2013-5776", "CVE-2013-5777", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5788", "CVE-2013-5789", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5810", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5844", "CVE-2013-5846", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851", "CVE-2013-5852", "CVE-2013-5854"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:29", "id": "RHSA-2013:1440", "href": "https://access.redhat.com/errata/RHSA-2013:1440", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-07T05:58:34", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5", "arch": "src", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5", "arch": "i386", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6", "arch": "src", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6", "arch": "s390x", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6", "arch": "s390x", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6.s390x.rpm", "operator": "lt"}], "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.4, 5.5 and 5.6. In a typical operating environment, these are of low\nsecurity risk as the runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5457,\nCVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789,\nCVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804,\nCVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818,\nCVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825,\nCVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840,\nCVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850,\nCVE-2013-5851)\n\nUsers of Red Hat Network Satellite Server 5.4, 5.5 and 5.6 are advised to\nupgrade to these updated packages, which contain the IBM Java SE 6 SR15\nrelease. For this update to take effect, Red Hat Network Satellite Server\nmust be restarted (\"/usr/sbin/rhn-satellite restart\"), as well as all\nrunning instances of IBM Java.\n", "reporter": "RedHat", "published": "2013-12-05T05:00:00", "type": "redhat", "title": "(RHSA-2013:1793) Low: Red Hat Network Satellite server IBM Java Runtime security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4041", "CVE-2013-5372", "CVE-2013-5375", "CVE-2013-5457", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5776", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5789", "CVE-2013-5797", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:02:28", "id": "RHSA-2013:1793", "href": "https://access.redhat.com/errata/RHSA-2013:1793", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-07T05:59:01", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.15.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "i686", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "ppc64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "ppc", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "ppc64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "s390", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.15.0-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "s390x", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "s390", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.15.0-1jpp.1.el6_4", "arch": "s390x", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4.s390x.rpm", "operator": "lt"}], "description": "IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-3829, CVE-2013-4041,\nCVE-2013-5372, CVE-2013-5375, CVE-2013-5457, CVE-2013-5772, CVE-2013-5774,\nCVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783,\nCVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5797, CVE-2013-5801,\nCVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820,\nCVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,\nCVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843,\nCVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR15 release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-11-07T05:00:00", "type": "redhat", "title": "(RHSA-2013:1508) Critical: java-1.6.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4041", "CVE-2013-5372", "CVE-2013-5375", "CVE-2013-5457", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5776", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5789", "CVE-2013-5797", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:27", "id": "RHSA-2013:1508", "href": "https://access.redhat.com/errata/RHSA-2013:1508", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-06T23:50:22", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.1.25-1.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "weld-core", "packageFilename": "weld-core-1.1.25-1.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-naming", "packageFilename": "jboss-as-naming-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-jsf", "packageFilename": "jboss-as-jsf-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "jboss-metadata-appclient", "packageFilename": "jboss-metadata-appclient-7.1.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.6.2-3.redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "cxf-xjc-boolean", "packageFilename": "cxf-xjc-boolean-2.6.2-3.redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-xts", "packageFilename": "jboss-as-xts-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-webservices", "packageFilename": "jboss-as-webservices-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "ironjacamar-spec-api-eap6", "packageFilename": "ironjacamar-spec-api-eap6-1.0.28-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "ironjacamar-core-api-eap6", "packageFilename": "ironjacamar-core-api-eap6-1.0.28-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-configadmin", "packageFilename": "jboss-as-configadmin-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-jdr", "packageFilename": "jboss-as-jdr-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-threads", "packageFilename": "jboss-as-threads-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "jboss-metadata-common", "packageFilename": "jboss-metadata-common-7.1.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-2.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jbossas-modules-eap", "packageFilename": "jbossas-modules-eap-7.4.2-2.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.7.12-1.SP1_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "apache-cxf", "packageFilename": "apache-cxf-2.7.12-1.SP1_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-jaxrs", "packageFilename": "jboss-as-jaxrs-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jbossas-standalone", "packageFilename": "jbossas-standalone-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-osgi-service", "packageFilename": "jboss-as-osgi-service-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "ironjacamar-validator-eap6", "packageFilename": "ironjacamar-validator-eap6-1.0.28-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-mail", "packageFilename": "jboss-as-mail-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "jboss-metadata", "packageFilename": "jboss-metadata-7.1.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.5.3-12.SP12_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "picketlink-federation", "packageFilename": "picketlink-federation-2.5.3-12.SP12_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.8-10.SP3_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "resteasy", "packageFilename": "resteasy-2.3.8-10.SP3_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.6.2-3.redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "cxf-xjc-ts", "packageFilename": "cxf-xjc-ts-2.6.2-3.redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.14-9.SP4_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "hibernate4-envers-eap6", "packageFilename": "hibernate4-envers-eap6-4.2.14-9.SP4_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-picketlink", "packageFilename": "jboss-as-picketlink-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "jboss-metadata-ear", "packageFilename": "jboss-metadata-ear-7.1.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "ironjacamar-common-spi-eap6", "packageFilename": "ironjacamar-common-spi-eap6-1.0.28-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-weld", "packageFilename": "jboss-as-weld-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-jpa", "packageFilename": "jboss-as-jpa-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-sar", "packageFilename": "jboss-as-sar-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jbossas-bundles", "packageFilename": "jbossas-bundles-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-deployment-scanner", "packageFilename": "jboss-as-deployment-scanner-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "jboss-metadata-ejb", "packageFilename": "jboss-metadata-ejb-7.1.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-ee-deployment", "packageFilename": "jboss-as-ee-deployment-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.6.2-3.redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "xjc-utils", "packageFilename": "xjc-utils-2.6.2-3.redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-modcluster", "packageFilename": "jboss-as-modcluster-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.6.2-3.redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "cxf-xjc-dv", "packageFilename": "cxf-xjc-dv-2.6.2-3.redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "ironjacamar-jdbc-eap6", "packageFilename": "ironjacamar-jdbc-eap6-1.0.28-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-protocol", "packageFilename": "jboss-as-protocol-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "ironjacamar-common-api-eap6", "packageFilename": "ironjacamar-common-api-eap6-1.0.28-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "ironjacamar-eap6", "packageFilename": "ironjacamar-eap6-1.0.28-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-client-all", "packageFilename": "jboss-as-client-all-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.14-9.SP4_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "hibernate4-entitymanager-eap6", "packageFilename": "hibernate4-entitymanager-eap6-4.2.14-9.SP4_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-osgi-configadmin", "packageFilename": "jboss-as-osgi-configadmin-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-controller", "packageFilename": "jboss-as-controller-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jbossas-product-eap", "packageFilename": "jbossas-product-eap-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-osgi", "packageFilename": "jboss-as-osgi-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.7-2.redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "xml-security", "packageFilename": "xml-security-1.5.7-2.redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-management-client-content", "packageFilename": "jboss-as-management-client-content-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-messaging", "packageFilename": "jboss-as-messaging-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.18.1-5.GA_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "javassist-eap6", "packageFilename": "javassist-eap6-3.18.1-5.GA_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-host-controller", "packageFilename": "jboss-as-host-controller-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.16-1.redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "wss4j", "packageFilename": "wss4j-1.6.16-1.redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-web", "packageFilename": "jboss-as-web-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jbossas-welcome-content-eap", "packageFilename": "jbossas-welcome-content-eap-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-version", "packageFilename": "jboss-as-version-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-ee", "packageFilename": "jboss-as-ee-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-embedded", "packageFilename": "jboss-as-embedded-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.1-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "jbossws-common", "packageFilename": "jbossws-common-2.3.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-controller-client", "packageFilename": "jboss-as-controller-client-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-transactions", "packageFilename": "jboss-as-transactions-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.2.11-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-console", "packageFilename": "jboss-as-console-2.2.11-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.0.11-1.GA_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-xnio-base", "packageFilename": "jboss-xnio-base-3.0.11-1.GA_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-appclient", "packageFilename": "jboss-as-appclient-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.14-9.SP4_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "hibernate4-eap6", "packageFilename": "hibernate4-eap6-4.2.14-9.SP4_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.1.3-1.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-remoting3-jmx", "packageFilename": "jboss-remoting3-jmx-1.1.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-clustering", "packageFilename": "jboss-as-clustering-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.2-2.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-logmanager", "packageFilename": "jboss-logmanager-1.5.2-2.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-jacorb", "packageFilename": "jboss-as-jacorb-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-network", "packageFilename": "jboss-as-network-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-jmx", "packageFilename": "jboss-as-jmx-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-jaxr", "packageFilename": "jboss-as-jaxr-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.5.3-11.SP12_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "picketlink-bindings", "packageFilename": "picketlink-bindings-2.5.3-11.SP12_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-jsr77", "packageFilename": "jboss-as-jsr77-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.3.1-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "jbossws-cxf", "packageFilename": "jbossws-cxf-4.3.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-cmp", "packageFilename": "jboss-as-cmp-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-core-security", "packageFilename": "jboss-as-core-security-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-logging", "packageFilename": "jboss-as-logging-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-system-jmx", "packageFilename": "jboss-as-system-jmx-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.6.2-3.redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "apache-cxf-xjc-utils", "packageFilename": "apache-cxf-xjc-utils-2.6.2-3.redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-2.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jbossas-javadocs", "packageFilename": "jbossas-javadocs-7.4.2-2.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "ironjacamar-deployers-common-eap6", "packageFilename": "ironjacamar-deployers-common-eap6-1.0.28-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-security", "packageFilename": "jboss-as-security-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "ironjacamar-common-impl-eap6", "packageFilename": "ironjacamar-common-impl-eap6-1.0.28-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jbossas-domain", "packageFilename": "jbossas-domain-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-server", "packageFilename": "jboss-as-server-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.14-9.SP4_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "hibernate4-core-eap6", "packageFilename": "hibernate4-core-eap6-4.2.14-9.SP4_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-pojo", "packageFilename": "jboss-as-pojo-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jbossas-core", "packageFilename": "jbossas-core-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.2.11-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "jboss-hal", "packageFilename": "jboss-hal-2.2.11-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "jboss-metadata-web", "packageFilename": "jboss-metadata-web-7.1.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jbossas-appclient", "packageFilename": "jbossas-appclient-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-remoting", "packageFilename": "jboss-as-remoting-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-connector", "packageFilename": "jboss-as-connector-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-cli", "packageFilename": "jboss-as-cli-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-process-controller", "packageFilename": "jboss-as-process-controller-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.6.10-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "netty", "packageFilename": "netty-3.6.10-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-domain-http", "packageFilename": "jboss-as-domain-http-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "ironjacamar-core-impl-eap6", "packageFilename": "ironjacamar-core-impl-eap6-1.0.28-1.Final_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-domain-management", "packageFilename": "jboss-as-domain-management-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.9.1-17.redhat_6.1.ep6.el6", "arch": "noarch", "packageName": "xerces-j2-eap6", "packageFilename": "xerces-j2-eap6-2.9.1-17.redhat_6.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-platform-mbean", "packageFilename": "jboss-as-platform-mbean-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-deployment-repository", "packageFilename": "jboss-as-deployment-repository-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.14-9.SP4_redhat_1.1.ep6.el6", "arch": "noarch", "packageName": "hibernate4-infinispan-eap6", "packageFilename": "hibernate4-infinispan-eap6-4.2.14-9.SP4_redhat_1.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "jboss-as-ejb3", "packageFilename": "jboss-as-ejb3-7.4.2-3.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.7.12-1.SP1_redhat_1.1.ep6.el6", "arch": "src", "packageName": "apache-cxf", "packageFilename": "apache-cxf-2.7.12-1.SP1_redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.6.2-3.redhat_1.1.ep6.el6", "arch": "src", "packageName": "apache-cxf-xjc-utils", "packageFilename": "apache-cxf-xjc-utils-2.6.2-3.redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.14-9.SP4_redhat_1.1.ep6.el6", "arch": "src", "packageName": "hibernate4-eap6", "packageFilename": "hibernate4-eap6-4.2.14-9.SP4_redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el6", "arch": "src", "packageName": "ironjacamar-eap6", "packageFilename": "ironjacamar-eap6-1.0.28-1.Final_redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.18.1-5.GA_redhat_1.1.ep6.el6", "arch": "src", "packageName": "javassist-eap6", "packageFilename": "javassist-eap6-3.18.1-5.GA_redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-appclient", "packageFilename": "jboss-as-appclient-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-cli", "packageFilename": "jboss-as-cli-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-client-all", "packageFilename": "jboss-as-client-all-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-clustering", "packageFilename": "jboss-as-clustering-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-cmp", "packageFilename": "jboss-as-cmp-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-configadmin", "packageFilename": "jboss-as-configadmin-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-connector", "packageFilename": "jboss-as-connector-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.2.11-1.Final_redhat_1.1.ep6.el6", "arch": "src", "packageName": "jboss-as-console", "packageFilename": "jboss-as-console-2.2.11-1.Final_redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-controller", "packageFilename": "jboss-as-controller-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-controller-client", "packageFilename": "jboss-as-controller-client-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-core-security", "packageFilename": "jboss-as-core-security-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-deployment-repository", "packageFilename": "jboss-as-deployment-repository-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-deployment-scanner", "packageFilename": "jboss-as-deployment-scanner-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-domain-http", "packageFilename": "jboss-as-domain-http-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-domain-management", "packageFilename": "jboss-as-domain-management-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-ee", "packageFilename": "jboss-as-ee-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-ee-deployment", "packageFilename": "jboss-as-ee-deployment-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-ejb3", "packageFilename": "jboss-as-ejb3-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-embedded", "packageFilename": "jboss-as-embedded-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-host-controller", "packageFilename": "jboss-as-host-controller-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-jacorb", "packageFilename": "jboss-as-jacorb-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-jaxr", "packageFilename": "jboss-as-jaxr-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-jaxrs", "packageFilename": "jboss-as-jaxrs-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-jdr", "packageFilename": "jboss-as-jdr-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-jmx", "packageFilename": "jboss-as-jmx-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-jpa", "packageFilename": "jboss-as-jpa-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-jsf", "packageFilename": "jboss-as-jsf-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-jsr77", "packageFilename": "jboss-as-jsr77-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-logging", "packageFilename": "jboss-as-logging-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-mail", "packageFilename": "jboss-as-mail-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-management-client-content", "packageFilename": "jboss-as-management-client-content-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-messaging", "packageFilename": "jboss-as-messaging-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-modcluster", "packageFilename": "jboss-as-modcluster-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-naming", "packageFilename": "jboss-as-naming-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-network", "packageFilename": "jboss-as-network-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-osgi", "packageFilename": "jboss-as-osgi-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-osgi-configadmin", "packageFilename": "jboss-as-osgi-configadmin-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-osgi-service", "packageFilename": "jboss-as-osgi-service-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-picketlink", "packageFilename": "jboss-as-picketlink-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-platform-mbean", "packageFilename": "jboss-as-platform-mbean-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-pojo", "packageFilename": "jboss-as-pojo-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-process-controller", "packageFilename": "jboss-as-process-controller-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-protocol", "packageFilename": "jboss-as-protocol-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-remoting", "packageFilename": "jboss-as-remoting-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-sar", "packageFilename": "jboss-as-sar-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-security", "packageFilename": "jboss-as-security-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-server", "packageFilename": "jboss-as-server-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-system-jmx", "packageFilename": "jboss-as-system-jmx-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-threads", "packageFilename": "jboss-as-threads-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-transactions", "packageFilename": "jboss-as-transactions-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-version", "packageFilename": "jboss-as-version-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-web", "packageFilename": "jboss-as-web-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-webservices", "packageFilename": "jboss-as-webservices-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-weld", "packageFilename": "jboss-as-weld-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-as-xts", "packageFilename": "jboss-as-xts-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.2.11-1.Final_redhat_1.1.ep6.el6", "arch": "src", "packageName": "jboss-hal", "packageFilename": "jboss-hal-2.2.11-1.Final_redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.2-2.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-logmanager", "packageFilename": "jboss-logmanager-1.5.2-2.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el6", "arch": "src", "packageName": "jboss-metadata", "packageFilename": "jboss-metadata-7.1.2-1.Final_redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.1.3-1.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-remoting3-jmx", "packageFilename": "jboss-remoting3-jmx-1.1.3-1.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.0.11-1.GA_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jboss-xnio-base", "packageFilename": "jboss-xnio-base-3.0.11-1.GA_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jbossas-appclient", "packageFilename": "jbossas-appclient-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jbossas-bundles", "packageFilename": "jbossas-bundles-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jbossas-core", "packageFilename": "jbossas-core-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jbossas-domain", "packageFilename": "jbossas-domain-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-2.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jbossas-javadocs", "packageFilename": "jbossas-javadocs-7.4.2-2.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-2.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jbossas-modules-eap", "packageFilename": "jbossas-modules-eap-7.4.2-2.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jbossas-product-eap", "packageFilename": "jbossas-product-eap-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jbossas-standalone", "packageFilename": "jbossas-standalone-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "jbossas-welcome-content-eap", "packageFilename": "jbossas-welcome-content-eap-7.4.2-3.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.1-1.Final_redhat_1.1.ep6.el6", "arch": "src", "packageName": "jbossws-common", "packageFilename": "jbossws-common-2.3.1-1.Final_redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.3.1-1.Final_redhat_1.1.ep6.el6", "arch": "src", "packageName": "jbossws-cxf", "packageFilename": "jbossws-cxf-4.3.1-1.Final_redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.6.10-1.Final_redhat_1.1.ep6.el6", "arch": "src", "packageName": "netty", "packageFilename": "netty-3.6.10-1.Final_redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.5.3-11.SP12_redhat_1.1.ep6.el6", "arch": "src", "packageName": "picketlink-bindings", "packageFilename": "picketlink-bindings-2.5.3-11.SP12_redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.5.3-12.SP12_redhat_1.1.ep6.el6", "arch": "src", "packageName": "picketlink-federation", "packageFilename": "picketlink-federation-2.5.3-12.SP12_redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.8-10.SP3_redhat_2.1.ep6.el6", "arch": "src", "packageName": "resteasy", "packageFilename": "resteasy-2.3.8-10.SP3_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.1.25-1.Final_redhat_2.1.ep6.el6", "arch": "src", "packageName": "weld-core", "packageFilename": "weld-core-1.1.25-1.Final_redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.16-1.redhat_2.1.ep6.el6", "arch": "src", "packageName": "wss4j", "packageFilename": "wss4j-1.6.16-1.redhat_2.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.9.1-17.redhat_6.1.ep6.el6", "arch": "src", "packageName": "xerces-j2-eap6", "packageFilename": "xerces-j2-eap6-2.9.1-17.redhat_6.1.ep6.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.7-2.redhat_1.1.ep6.el6", "arch": "src", "packageName": "xml-security", "packageFilename": "xml-security-1.5.7-2.redhat_1.1.ep6.el6.src.rpm", "operator": "lt"}], "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nA resource consumption issue was found in the way Xerces-J handled XML\ndeclarations. A remote attacker could use an XML document with a specially\ncrafted declaration using a long pseudo-attribute name that, when parsed by\nan application using Xerces-J, would cause that application to use an\nexcessive amount of CPU. (CVE-2013-4002)\n\nThis release of JBoss Enterprise Application Platform also includes bug\nfixes and enhancements. A list of these changes is available from the JBoss\nEnterprise Application Platform 6.3.2 Downloads page on the Customer\nPortal.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3 on Red Hat\nEnterprise Linux 6 are advised to upgrade to these updated packages.\nThe JBoss server process must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2014-11-06T05:00:00", "type": "redhat", "title": "(RHSA-2014:1818) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.2 update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4002"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T02:41:56", "id": "RHSA-2014:1818", "href": "https://access.redhat.com/errata/RHSA-2014:1818", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-03-19T12:36:11", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.0.11-1.GA_redhat_2.1.ep6.el7", "packageName": "jboss-xnio-base", "packageFilename": "jboss-xnio-base-3.0.11-1.GA_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.0.11-1.GA_redhat_2.1.ep6.el7", "packageName": "jboss-xnio-base", "packageFilename": "jboss-xnio-base-3.0.11-1.GA_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.1.3-1.Final_redhat_2.1.ep6.el7", "packageName": "jboss-remoting3-jmx", "packageFilename": "jboss-remoting3-jmx-1.1.3-1.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.1.3-1.Final_redhat_2.1.ep6.el7", "packageName": "jboss-remoting3-jmx", "packageFilename": "jboss-remoting3-jmx-1.1.3-1.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.1.25-1.Final_redhat_2.1.ep6.el7", "packageName": "weld-core", "packageFilename": "weld-core-1.1.25-1.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.1.25-1.Final_redhat_2.1.ep6.el7", "packageName": "weld-core", "packageFilename": "weld-core-1.1.25-1.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.6.10-1.Final_redhat_1.1.ep6.el7", "packageName": "netty", "packageFilename": "netty-3.6.10-1.Final_redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.6.10-1.Final_redhat_1.1.ep6.el7", "packageName": "netty", "packageFilename": "netty-3.6.10-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.9.1-17.redhat_6.1.ep6.el7", "packageName": "xerces-j2-eap6", "packageFilename": "xerces-j2-eap6-2.9.1-17.redhat_6.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.9.1-17.redhat_6.1.ep6.el7", "packageName": "xerces-j2-eap6", "packageFilename": "xerces-j2-eap6-2.9.1-17.redhat_6.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.6.2-3.redhat_1.1.ep6.el7", "packageName": "apache-cxf-xjc-utils", "packageFilename": "apache-cxf-xjc-utils-2.6.2-3.redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.6.2-3.redhat_1.1.ep6.el7", "packageName": "apache-cxf-xjc-utils", "packageFilename": "apache-cxf-xjc-utils-2.6.2-3.redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.6.2-3.redhat_1.1.ep6.el7", "packageName": "cxf-xjc-dv", "packageFilename": "cxf-xjc-dv-2.6.2-3.redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.6.2-3.redhat_1.1.ep6.el7", "packageName": "cxf-xjc-boolean", "packageFilename": "cxf-xjc-boolean-2.6.2-3.redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.6.2-3.redhat_1.1.ep6.el7", "packageName": "xjc-utils", "packageFilename": "xjc-utils-2.6.2-3.redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.6.2-3.redhat_1.1.ep6.el7", "packageName": "cxf-xjc-ts", "packageFilename": "cxf-xjc-ts-2.6.2-3.redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.5.7-2.redhat_1.1.ep6.el7", "packageName": "xml-security", "packageFilename": "xml-security-1.5.7-2.redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.5.7-2.redhat_1.1.ep6.el7", "packageName": "xml-security", "packageFilename": "xml-security-1.5.7-2.redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el7", "packageName": "jboss-metadata-ear", "packageFilename": "jboss-metadata-ear-7.1.2-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el7", "packageName": "jboss-metadata-ejb", "packageFilename": "jboss-metadata-ejb-7.1.2-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el7", "packageName": "jboss-metadata-common", "packageFilename": "jboss-metadata-common-7.1.2-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el7", "packageName": "jboss-metadata-appclient", "packageFilename": "jboss-metadata-appclient-7.1.2-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el7", "packageName": "jboss-metadata-web", "packageFilename": "jboss-metadata-web-7.1.2-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el7", "packageName": "jboss-metadata", "packageFilename": "jboss-metadata-7.1.2-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.1.2-1.Final_redhat_1.1.ep6.el7", "packageName": "jboss-metadata", "packageFilename": "jboss-metadata-7.1.2-1.Final_redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.5.2-2.Final_redhat_2.1.ep6.el7", "packageName": "jboss-logmanager", "packageFilename": "jboss-logmanager-1.5.2-2.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.5.2-2.Final_redhat_2.1.ep6.el7", "packageName": "jboss-logmanager", "packageFilename": "jboss-logmanager-1.5.2-2.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.2.11-1.Final_redhat_1.1.ep6.el7", "packageName": "jboss-as-console", "packageFilename": "jboss-as-console-2.2.11-1.Final_redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.2.11-1.Final_redhat_1.1.ep6.el7", "packageName": "jboss-as-console", "packageFilename": "jboss-as-console-2.2.11-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.2.11-1.Final_redhat_1.1.ep6.el7", "packageName": "jboss-hal", "packageFilename": "jboss-hal-2.2.11-1.Final_redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.2.11-1.Final_redhat_1.1.ep6.el7", "packageName": "jboss-hal", "packageFilename": "jboss-hal-2.2.11-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.16-1.redhat_2.1.ep6.el7", "packageName": "wss4j", "packageFilename": "wss4j-1.6.16-1.redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.6.16-1.redhat_2.1.ep6.el7", "packageName": "wss4j", "packageFilename": "wss4j-1.6.16-1.redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.3.1-1.Final_redhat_1.1.ep6.el7", "packageName": "jbossws-common", "packageFilename": "jbossws-common-2.3.1-1.Final_redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.3.1-1.Final_redhat_1.1.ep6.el7", "packageName": "jbossws-common", "packageFilename": "jbossws-common-2.3.1-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.14-9.SP4_redhat_1.1.ep6.el7", "packageName": "hibernate4-infinispan-eap6", "packageFilename": "hibernate4-infinispan-eap6-4.2.14-9.SP4_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.14-9.SP4_redhat_1.1.ep6.el7", "packageName": "hibernate4-entitymanager-eap6", "packageFilename": "hibernate4-entitymanager-eap6-4.2.14-9.SP4_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.14-9.SP4_redhat_1.1.ep6.el7", "packageName": "hibernate4-eap6", "packageFilename": "hibernate4-eap6-4.2.14-9.SP4_redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.14-9.SP4_redhat_1.1.ep6.el7", "packageName": "hibernate4-eap6", "packageFilename": "hibernate4-eap6-4.2.14-9.SP4_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.14-9.SP4_redhat_1.1.ep6.el7", "packageName": "hibernate4-core-eap6", "packageFilename": "hibernate4-core-eap6-4.2.14-9.SP4_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.14-9.SP4_redhat_1.1.ep6.el7", "packageName": "hibernate4-envers-eap6", "packageFilename": "hibernate4-envers-eap6-4.2.14-9.SP4_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.12-1.SP1_redhat_1.1.ep6.el7", "packageName": "apache-cxf", "packageFilename": "apache-cxf-2.7.12-1.SP1_redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.12-1.SP1_redhat_1.1.ep6.el7", "packageName": "apache-cxf", "packageFilename": "apache-cxf-2.7.12-1.SP1_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.3.1-1.Final_redhat_1.1.ep6.el7", "packageName": "jbossws-cxf", "packageFilename": "jbossws-cxf-4.3.1-1.Final_redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.3.1-1.Final_redhat_1.1.ep6.el7", "packageName": "jbossws-cxf", "packageFilename": "jbossws-cxf-4.3.1-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el7", "packageName": "ironjacamar-eap6", "packageFilename": "ironjacamar-eap6-1.0.28-1.Final_redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el7", "packageName": "ironjacamar-eap6", "packageFilename": "ironjacamar-eap6-1.0.28-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el7", "packageName": "ironjacamar-jdbc-eap6", "packageFilename": "ironjacamar-jdbc-eap6-1.0.28-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el7", "packageName": "ironjacamar-common-spi-eap6", "packageFilename": "ironjacamar-common-spi-eap6-1.0.28-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el7", "packageName": "ironjacamar-deployers-common-eap6", "packageFilename": "ironjacamar-deployers-common-eap6-1.0.28-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el7", "packageName": "ironjacamar-common-impl-eap6", "packageFilename": "ironjacamar-common-impl-eap6-1.0.28-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el7", "packageName": "ironjacamar-spec-api-eap6", "packageFilename": "ironjacamar-spec-api-eap6-1.0.28-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el7", "packageName": "ironjacamar-common-api-eap6", "packageFilename": "ironjacamar-common-api-eap6-1.0.28-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el7", "packageName": "ironjacamar-validator-eap6", "packageFilename": "ironjacamar-validator-eap6-1.0.28-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el7", "packageName": "ironjacamar-core-api-eap6", "packageFilename": "ironjacamar-core-api-eap6-1.0.28-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.0.28-1.Final_redhat_1.1.ep6.el7", "packageName": "ironjacamar-core-impl-eap6", "packageFilename": "ironjacamar-core-impl-eap6-1.0.28-1.Final_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.5.3-12.SP12_redhat_1.1.ep6.el7", "packageName": "picketlink-federation", "packageFilename": "picketlink-federation-2.5.3-12.SP12_redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.5.3-12.SP12_redhat_1.1.ep6.el7", "packageName": "picketlink-federation", "packageFilename": "picketlink-federation-2.5.3-12.SP12_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.5.3-11.SP12_redhat_1.1.ep6.el7", "packageName": "picketlink-bindings", "packageFilename": "picketlink-bindings-2.5.3-11.SP12_redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.5.3-11.SP12_redhat_1.1.ep6.el7", "packageName": "picketlink-bindings", "packageFilename": "picketlink-bindings-2.5.3-11.SP12_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.18.1-5.GA_redhat_1.1.ep6.el7", "packageName": "javassist-eap6", "packageFilename": "javassist-eap6-3.18.1-5.GA_redhat_1.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.18.1-5.GA_redhat_1.1.ep6.el7", "packageName": "javassist-eap6", "packageFilename": "javassist-eap6-3.18.1-5.GA_redhat_1.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.3.8-10.SP3_redhat_2.1.ep6.el7", "packageName": "resteasy", "packageFilename": "resteasy-2.3.8-10.SP3_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.3.8-10.SP3_redhat_2.1.ep6.el7", "packageName": "resteasy", "packageFilename": "resteasy-2.3.8-10.SP3_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-2.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-javadocs", "packageFilename": "jbossas-javadocs-7.4.2-2.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-2.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-javadocs", "packageFilename": "jbossas-javadocs-7.4.2-2.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-protocol", "packageFilename": "jboss-as-protocol-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-protocol", "packageFilename": "jboss-as-protocol-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-deployment-scanner", "packageFilename": "jboss-as-deployment-scanner-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-deployment-scanner", "packageFilename": "jboss-as-deployment-scanner-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-embedded", "packageFilename": "jboss-as-embedded-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-embedded", "packageFilename": "jboss-as-embedded-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-osgi-configadmin", "packageFilename": "jboss-as-osgi-configadmin-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-osgi-configadmin", "packageFilename": "jboss-as-osgi-configadmin-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-ee", "packageFilename": "jboss-as-ee-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-ee", "packageFilename": "jboss-as-ee-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-configadmin", "packageFilename": "jboss-as-configadmin-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-configadmin", "packageFilename": "jboss-as-configadmin-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-core-security", "packageFilename": "jboss-as-core-security-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-core-security", "packageFilename": "jboss-as-core-security-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-security", "packageFilename": "jboss-as-security-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-security", "packageFilename": "jboss-as-security-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-appclient", "packageFilename": "jboss-as-appclient-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-appclient", "packageFilename": "jboss-as-appclient-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-picketlink", "packageFilename": "jboss-as-picketlink-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-picketlink", "packageFilename": "jboss-as-picketlink-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-system-jmx", "packageFilename": "jboss-as-system-jmx-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-system-jmx", "packageFilename": "jboss-as-system-jmx-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-threads", "packageFilename": "jboss-as-threads-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-threads", "packageFilename": "jboss-as-threads-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jmx", "packageFilename": "jboss-as-jmx-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jmx", "packageFilename": "jboss-as-jmx-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-webservices", "packageFilename": "jboss-as-webservices-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-webservices", "packageFilename": "jboss-as-webservices-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-mail", "packageFilename": "jboss-as-mail-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-mail", "packageFilename": "jboss-as-mail-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-deployment-repository", "packageFilename": "jboss-as-deployment-repository-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-deployment-repository", "packageFilename": "jboss-as-deployment-repository-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jacorb", "packageFilename": "jboss-as-jacorb-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jacorb", "packageFilename": "jboss-as-jacorb-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-osgi", "packageFilename": "jboss-as-osgi-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-osgi", "packageFilename": "jboss-as-osgi-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-domain-management", "packageFilename": "jboss-as-domain-management-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-domain-management", "packageFilename": "jboss-as-domain-management-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-host-controller", "packageFilename": "jboss-as-host-controller-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-host-controller", "packageFilename": "jboss-as-host-controller-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jpa", "packageFilename": "jboss-as-jpa-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jpa", "packageFilename": "jboss-as-jpa-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-cli", "packageFilename": "jboss-as-cli-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-cli", "packageFilename": "jboss-as-cli-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-web", "packageFilename": "jboss-as-web-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-web", "packageFilename": "jboss-as-web-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-client-all", "packageFilename": "jboss-as-client-all-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-client-all", "packageFilename": "jboss-as-client-all-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-xts", "packageFilename": "jboss-as-xts-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-xts", "packageFilename": "jboss-as-xts-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-version", "packageFilename": "jboss-as-version-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-version", "packageFilename": "jboss-as-version-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-cmp", "packageFilename": "jboss-as-cmp-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-cmp", "packageFilename": "jboss-as-cmp-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-connector", "packageFilename": "jboss-as-connector-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-connector", "packageFilename": "jboss-as-connector-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-network", "packageFilename": "jboss-as-network-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-network", "packageFilename": "jboss-as-network-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-messaging", "packageFilename": "jboss-as-messaging-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-messaging", "packageFilename": "jboss-as-messaging-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-transactions", "packageFilename": "jboss-as-transactions-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-transactions", "packageFilename": "jboss-as-transactions-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jsf", "packageFilename": "jboss-as-jsf-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jsf", "packageFilename": "jboss-as-jsf-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-controller-client", "packageFilename": "jboss-as-controller-client-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-controller-client", "packageFilename": "jboss-as-controller-client-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-ee-deployment", "packageFilename": "jboss-as-ee-deployment-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-ee-deployment", "packageFilename": "jboss-as-ee-deployment-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jsr77", "packageFilename": "jboss-as-jsr77-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jsr77", "packageFilename": "jboss-as-jsr77-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-server", "packageFilename": "jboss-as-server-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-server", "packageFilename": "jboss-as-server-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-naming", "packageFilename": "jboss-as-naming-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-naming", "packageFilename": "jboss-as-naming-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-management-client-content", "packageFilename": "jboss-as-management-client-content-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-management-client-content", "packageFilename": "jboss-as-management-client-content-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-logging", "packageFilename": "jboss-as-logging-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-logging", "packageFilename": "jboss-as-logging-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-remoting", "packageFilename": "jboss-as-remoting-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-remoting", "packageFilename": "jboss-as-remoting-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-platform-mbean", "packageFilename": "jboss-as-platform-mbean-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-platform-mbean", "packageFilename": "jboss-as-platform-mbean-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jaxrs", "packageFilename": "jboss-as-jaxrs-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jaxrs", "packageFilename": "jboss-as-jaxrs-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-modcluster", "packageFilename": "jboss-as-modcluster-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-modcluster", "packageFilename": "jboss-as-modcluster-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-process-controller", "packageFilename": "jboss-as-process-controller-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-process-controller", "packageFilename": "jboss-as-process-controller-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-osgi-service", "packageFilename": "jboss-as-osgi-service-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-osgi-service", "packageFilename": "jboss-as-osgi-service-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-controller", "packageFilename": "jboss-as-controller-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-controller", "packageFilename": "jboss-as-controller-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-pojo", "packageFilename": "jboss-as-pojo-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-pojo", "packageFilename": "jboss-as-pojo-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jdr", "packageFilename": "jboss-as-jdr-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jdr", "packageFilename": "jboss-as-jdr-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-clustering", "packageFilename": "jboss-as-clustering-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-clustering", "packageFilename": "jboss-as-clustering-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jaxr", "packageFilename": "jboss-as-jaxr-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-jaxr", "packageFilename": "jboss-as-jaxr-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-domain-http", "packageFilename": "jboss-as-domain-http-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-domain-http", "packageFilename": "jboss-as-domain-http-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-sar", "packageFilename": "jboss-as-sar-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-sar", "packageFilename": "jboss-as-sar-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-weld", "packageFilename": "jboss-as-weld-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-weld", "packageFilename": "jboss-as-weld-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-ejb3", "packageFilename": "jboss-as-ejb3-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jboss-as-ejb3", "packageFilename": "jboss-as-ejb3-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-product-eap", "packageFilename": "jbossas-product-eap-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-product-eap", "packageFilename": "jbossas-product-eap-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-appclient", "packageFilename": "jbossas-appclient-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-appclient", "packageFilename": "jbossas-appclient-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-domain", "packageFilename": "jbossas-domain-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-domain", "packageFilename": "jbossas-domain-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-standalone", "packageFilename": "jbossas-standalone-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-standalone", "packageFilename": "jbossas-standalone-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-welcome-content-eap", "packageFilename": "jbossas-welcome-content-eap-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-welcome-content-eap", "packageFilename": "jbossas-welcome-content-eap-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-bundles", "packageFilename": "jbossas-bundles-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-bundles", "packageFilename": "jbossas-bundles-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-core", "packageFilename": "jbossas-core-7.4.2-3.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-core", "packageFilename": "jbossas-core-7.4.2-3.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-2.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-modules-eap", "packageFilename": "jbossas-modules-eap-7.4.2-2.Final_redhat_2.1.ep6.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.4.2-2.Final_redhat_2.1.ep6.el7", "packageName": "jbossas-modules-eap", "packageFilename": "jbossas-modules-eap-7.4.2-2.Final_redhat_2.1.ep6.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}], "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nA resource consumption issue was found in the way Xerces-J handled XML\ndeclarations. A remote attacker could use an XML document with a specially\ncrafted declaration using a long pseudo-attribute name that, when parsed by\nan application using Xerces-J, would cause that application to use an\nexcessive amount of CPU. (CVE-2013-4002)\n\nThis release of JBoss Enterprise Application Platform also includes bug\nfixes and enhancements. A list of these changes is available from the JBoss\nEnterprise Application Platform 6.3.2 Downloads page on the Customer\nPortal.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3 on Red Hat\nEnterprise Linux 7 are advised to upgrade to these updated packages.\nThe JBoss server process must be restarted for the update to take effect.", "reporter": "RedHat", "published": "2014-11-06T21:38:07", "type": "redhat", "title": "(RHSA-2014:1822) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.2 update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4002"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-19T16:13:49", "id": "RHSA-2014:1822", "href": "https://access.redhat.com/errata/RHSA-2014:1822", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:40:08", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.0.1.el5_10.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.0.1.el5_10.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.0.1.el5_10.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.0.1.el5_10.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.0.1.el5_10.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.0.1.el5_10.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.0.1.el5_10.i386.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.0.1.el5_10.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.0.1.el5_10.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.0.1.el5_10.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.0.1.el5_10.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.0.1.el5_10.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}], "description": "[1:1.6.0.0-1.68.1.11.14]\n- updated to icedtea6-1.11.14.tar.gz\n- added and applied 1.11.14-fixes.patch, patch10 to fix build issues\n- adapted patch8 java-1.6.0-openjdk-timezone-id.patch\n- Resolves: rhbz#1017618\n[1:1.6.0.1-1.67.1.13.0]\n- reverted previous update\n- Resolves: rhbz#1017618\n[1:1.6.0.1-1.66.1.13.0]\n- updated to icedtea 1.13\n- updated to openjdk-6-src-b28-04_oct_2013\n- added --disable-lcms2 configure switch to fix tck\n- removed upstreamed patch7,java-1.6.0-openjdk-jstack.patch\n- added patch7 1.13_fixes.patch to fix 1.13 build issues\n- adapted patch0 java-1.6.0-openjdk-optflags.patch\n- adapted patch3 java-1.6.0-openjdk-java-access-bridge-security.patch\n- adapted patch8 java-1.6.0-openjdk-timezone-id.patch\n- removed useless runtests parts\n- included also java.security.old files\n- Resolves: rhbz#1017618", "edition": 3, "reporter": "Oracle", "published": "2013-11-05T00:00:00", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-05T00:00:00", "id": "ELSA-2013-1505", "href": "http://linux.oracle.com/errata/ELSA-2013-1505.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:37:45", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.0.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.0.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.0.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.0.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.0.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.0.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.0.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.0.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.0.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.0.1.el5_10.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.0.1.el5_10.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.0.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}], "description": "[1.7.0.45-2.4.3.1.0.1.el5_10]\n- Add oracle-enterprise.patch\n- Fix DISTRO_NAME to 'Enterprise Linux'\n[1.7.0.45-2.4.3.1.el5]\n- Updated to icedtea 2.4.3\n- Resolves: rhbz#1017623\n[1.7.0.45-2.4.3.0.el5]\n- fixed and updated tapset\n- removed bootstrap\n- source 11 redeclared to 1111\n- added source12: TestCryptoLevel.java\n- removed upstreamed patch103 java-1.7.0-openjdk-arm-fixes.patch\n- removed unnecessary patch112 java-1.7.0-openjdk-doNotUseDisabledEcc.patch\n- added patch120: java-1.7.0-openjdk-freetype-check-fix.patch\n- fixed nss\n- cleaned sources\n- Resolves: rhbz#1017623\n[1.7.0.25-2.4.1.4.el5]\n- updated to icedtea 2.4.1\n- improoved handling of patch111 - nss-config-2.patch\n- backported uniquesuffix from 6.5\n- Resolves: rhbz#978421", "edition": 3, "reporter": "Oracle", "published": "2013-10-21T00:00:00", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-10-21T00:00:00", "id": "ELSA-2013-1447", "href": "http://linux.oracle.com/errata/ELSA-2013-1447.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:46:59", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.0.1.el6_4.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.0.1.el6_4.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.0.1.el6_4.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.0.1.el6_4.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.0.1.el6_4.i686.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.0.1.el6_4.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.0.1.el6_4.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.0.1.el6_4.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.0.1.el6_4.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.0.1.el6_4.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.0.1.el6_4.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.0.1.el6_4.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}], "description": "[1.7.0.45-2.4.3.2.0.1.el6]\n- Update DISTRO_NAME in specfile\n[1.7.0.40-2.4.3.1.el6]\n- sync with rhel 6.5 to icedtea 2.4 because of pernament tck failures\n - nss kept disabled\n- Resolves: rhbz#1017626\n[1.7.0.25-2.3.13.4.el6]\n- added back patch408 tck20131015_5.patch, to resolve one of tck failures\n- Resolves: rhbz#1017626\n[1.7.0.25-2.3.13.3.el6]\n- added back patch404 tck20131015_1.patch, to resolve one of tck failures\n- added back patch405 tck20131015_2.patch, to resolve one of tck failures\n- added back patch406 tck20131015_3.patch, to resolve one of tck failures (modified)\n- added back patch407 tck20131015_4.patch, to resolve one of tck failures\n- Resolves: rhbz#1017626\n[1.7.0.25-2.3.13.2.el6]\n- updated to newer security tarball of 2.3.13\n- removed patch405 tck20131015_2.patch, no longer necessary to fix tck failures\n- removed patch406 tck20131015_3.patch, no longer necessary to fix tck failures\n- removed patch407 tck20131015_4.patch, no longer necessary to fix tck failures\n- Resolves: rhbz#1017626\n[1.7.0.25-2.3.13.1.el6]\n- removed useless patch404 tck20131015_1.patch\n- added patch405 tck20131015_2.patch, to resolve one of tck failures\n- added patch406 tck20131015_3.patch, to resolve one of tck failures\n- added patch407 tck20131015_4.patch, to resolve one of tck failures\n- Resolves: rhbz#1017626\n[1.7.0.25-2.3.13.0.el6]\n- security update to 2.3.13\n- adapted java-1.7.0-openjdk-disable-system-lcms.patch (and redeclared to 105)\n- removed bootstrap\n- fixed nss\n- fixed buildver and updatever (Set to 25,30)\n- moved to xz compression of sources\n- all patches moved correctly to prep\n- added patch404 tck20131015_1.patch, to resolve one of tck failures\n- Resolves: rhbz#1017626", "edition": 3, "reporter": "Oracle", "published": "2013-10-22T00:00:00", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-10-22T00:00:00", "id": "ELSA-2013-1451", "href": "http://linux.oracle.com/errata/ELSA-2013-1451.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:41:47", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "noarch", "packageFilename": "xerces-j2-2.11.0-17.el7_0.noarch.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2-javadoc-xni", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "noarch", "packageFilename": "xerces-j2-javadoc-2.11.0-17.el7_0.noarch.rpm", "packageName": "xerces-j2-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-demo-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-javadoc-other-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2-javadoc-other", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-demo-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2-javadoc-impl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "src", "packageFilename": "xerces-j2-2.11.0-17.el7_0.src.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-javadoc-other-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2-javadoc-other", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2-javadoc-impl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-scripts-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2-scripts", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "noarch", "packageFilename": "xerces-j2-demo-2.11.0-17.el7_0.noarch.rpm", "packageName": "xerces-j2-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2-javadoc-xni", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2-javadoc-apis", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2-javadoc-apis", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "src", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.src.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "src", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.src.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-scripts-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2-scripts", "operator": "lt"}], "description": "[2.11.0-17]\n- Fix XML parsing bug (JAXP, 8017298)\n- Resolves: CVE-2013-4002", "edition": 3, "reporter": "Oracle", "published": "2014-09-29T00:00:00", "title": "xerces-j2 security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4002"], "modified": "2014-09-29T00:00:00", "id": "ELSA-2014-1319", "href": "http://linux.oracle.com/errata/ELSA-2014-1319.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:20", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1505.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-65.1.11.14.57.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-65.1.11.14.57.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-65.1.11.14.57.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-65.1.11.14.57.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-65.1.11.14.57.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-65.1.11.14.57.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-65.1.11.14.57.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-65.1.11.14.57.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-65.1.11.14.57.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-65.1.11.14.57.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}], "description": "**Issue Overview:**\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. ([CVE-2013-5782 __](<https://access.redhat.com/security/cve/CVE-2013-5782>))\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. ([CVE-2013-5830 __](<https://access.redhat.com/security/cve/CVE-2013-5830>))\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-5829 __](<https://access.redhat.com/security/cve/CVE-2013-5829>), [CVE-2013-5814 __](<https://access.redhat.com/security/cve/CVE-2013-5814>), [CVE-2013-5817 __](<https://access.redhat.com/security/cve/CVE-2013-5817>), [CVE-2013-5842 __](<https://access.redhat.com/security/cve/CVE-2013-5842>), [CVE-2013-5850 __](<https://access.redhat.com/security/cve/CVE-2013-5850>))\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions. ([CVE-2013-5809 __](<https://access.redhat.com/security/cve/CVE-2013-5809>))\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. ([CVE-2013-5802 __](<https://access.redhat.com/security/cve/CVE-2013-5802>))\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. ([CVE-2013-5825 __](<https://access.redhat.com/security/cve/CVE-2013-5825>), [CVE-2013-4002 __](<https://access.redhat.com/security/cve/CVE-2013-4002>), [CVE-2013-5823 __](<https://access.redhat.com/security/cve/CVE-2013-5823>))\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. ([CVE-2013-3829 __](<https://access.redhat.com/security/cve/CVE-2013-3829>), [CVE-2013-5840 __](<https://access.redhat.com/security/cve/CVE-2013-5840>), [CVE-2013-5774 __](<https://access.redhat.com/security/cve/CVE-2013-5774>), [CVE-2013-5783 __](<https://access.redhat.com/security/cve/CVE-2013-5783>), [CVE-2013-5820 __](<https://access.redhat.com/security/cve/CVE-2013-5820>), [CVE-2013-5849 __](<https://access.redhat.com/security/cve/CVE-2013-5849>), [CVE-2013-5790 __](<https://access.redhat.com/security/cve/CVE-2013-5790>), [CVE-2013-5784 __](<https://access.redhat.com/security/cve/CVE-2013-5784>))\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. ([CVE-2013-5778 __](<https://access.redhat.com/security/cve/CVE-2013-5778>))\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks. ([CVE-2013-5804 __](<https://access.redhat.com/security/cve/CVE-2013-5804>), [CVE-2013-5797 __](<https://access.redhat.com/security/cve/CVE-2013-5797>))\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. ([CVE-2013-5780 __](<https://access.redhat.com/security/cve/CVE-2013-5780>))\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. ([CVE-2013-5772 __](<https://access.redhat.com/security/cve/CVE-2013-5772>))\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. ([CVE-2013-5803 __](<https://access.redhat.com/security/cve/CVE-2013-5803>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-debuginfo-1.6.0.0-65.1.11.14.57.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-65.1.11.14.57.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-65.1.11.14.57.amzn1.i686 \n java-1.6.0-openjdk-src-1.6.0.0-65.1.11.14.57.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-65.1.11.14.57.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.0-65.1.11.14.57.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-65.1.11.14.57.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-65.1.11.14.57.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-65.1.11.14.57.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-65.1.11.14.57.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-16T21:54:00", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:20", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2014-09-16T21:54:00", "id": "ALAS-2013-246", "href": "https://alas.aws.amazon.com/ALAS-2013-246.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:16", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1451.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.32.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.32.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.32.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.32.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.32.amzn1.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.32.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.32.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.32.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.32.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}], "description": "**Issue Overview:**\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. ([CVE-2013-5782 __](<https://access.redhat.com/security/cve/CVE-2013-5782>))\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. ([CVE-2013-5830 __](<https://access.redhat.com/security/cve/CVE-2013-5830>))\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-5829 __](<https://access.redhat.com/security/cve/CVE-2013-5829>), [CVE-2013-5814 __](<https://access.redhat.com/security/cve/CVE-2013-5814>), [CVE-2013-5817 __](<https://access.redhat.com/security/cve/CVE-2013-5817>), [CVE-2013-5842 __](<https://access.redhat.com/security/cve/CVE-2013-5842>), [CVE-2013-5850 __](<https://access.redhat.com/security/cve/CVE-2013-5850>), [CVE-2013-5838 __](<https://access.redhat.com/security/cve/CVE-2013-5838>))\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions. ([CVE-2013-5809 __](<https://access.redhat.com/security/cve/CVE-2013-5809>))\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. ([CVE-2013-5802 __](<https://access.redhat.com/security/cve/CVE-2013-5802>))\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. ([CVE-2013-5825 __](<https://access.redhat.com/security/cve/CVE-2013-5825>), [CVE-2013-4002 __](<https://access.redhat.com/security/cve/CVE-2013-4002>), [CVE-2013-5823 __](<https://access.redhat.com/security/cve/CVE-2013-5823>))\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. ([CVE-2013-3829 __](<https://access.redhat.com/security/cve/CVE-2013-3829>), [CVE-2013-5840 __](<https://access.redhat.com/security/cve/CVE-2013-5840>), [CVE-2013-5774 __](<https://access.redhat.com/security/cve/CVE-2013-5774>), [CVE-2013-5783 __](<https://access.redhat.com/security/cve/CVE-2013-5783>), [CVE-2013-5820 __](<https://access.redhat.com/security/cve/CVE-2013-5820>), [CVE-2013-5851 __](<https://access.redhat.com/security/cve/CVE-2013-5851>), [CVE-2013-5800 __](<https://access.redhat.com/security/cve/CVE-2013-5800>), [CVE-2013-5849 __](<https://access.redhat.com/security/cve/CVE-2013-5849>), [CVE-2013-5790 __](<https://access.redhat.com/security/cve/CVE-2013-5790>), [CVE-2013-5784 __](<https://access.redhat.com/security/cve/CVE-2013-5784>))\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. ([CVE-2013-5778 __](<https://access.redhat.com/security/cve/CVE-2013-5778>))\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks. ([CVE-2013-5804 __](<https://access.redhat.com/security/cve/CVE-2013-5804>), [CVE-2013-5797 __](<https://access.redhat.com/security/cve/CVE-2013-5797>))\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. ([CVE-2013-5780 __](<https://access.redhat.com/security/cve/CVE-2013-5780>))\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. ([CVE-2013-5772 __](<https://access.redhat.com/security/cve/CVE-2013-5772>))\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. ([CVE-2013-5803 __](<https://access.redhat.com/security/cve/CVE-2013-5803>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.32.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.32.amzn1.i686 \n java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.32.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.32.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.32.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.32.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.32.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.32.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.32.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-16T21:45:00", "title": "Critical: java-1.7.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:16", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2014-09-16T21:45:00", "id": "ALAS-2013-235", "href": "https://alas.aws.amazon.com/ALAS-2013-235.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:18", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1319.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-scripts-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2-scripts", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-javadoc-other-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2-javadoc-other", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-demo-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-javadoc-apis-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2-javadoc-apis", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-javadoc-xni-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2-javadoc-xni", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-javadoc-impl-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2-javadoc-impl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "src", "packageFilename": "xerces-j2-2.7.1-12.7.19.amzn1.src.rpm", "packageName": "xerces-j2", "operator": "lt"}], "description": "**Issue Overview:**\n\nA resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.\n\n \n**Affected Packages:** \n\n\nxerces-j2\n\n \n**Issue Correction:** \nRun _yum update xerces-j2_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n xerces-j2-javadoc-apis-2.7.1-12.7.19.amzn1.noarch \n xerces-j2-javadoc-xni-2.7.1-12.7.19.amzn1.noarch \n xerces-j2-javadoc-other-2.7.1-12.7.19.amzn1.noarch \n xerces-j2-demo-2.7.1-12.7.19.amzn1.noarch \n xerces-j2-2.7.1-12.7.19.amzn1.noarch \n xerces-j2-scripts-2.7.1-12.7.19.amzn1.noarch \n xerces-j2-javadoc-impl-2.7.1-12.7.19.amzn1.noarch \n \n src: \n xerces-j2-2.7.1-12.7.19.amzn1.src \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-11-01T14:05:00", "title": "Medium: xerces-j2", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:18", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4002"], "modified": "2014-11-01T14:05:00", "id": "ALAS-2014-436", "href": "https://alas.aws.amazon.com/ALAS-2014-436.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:02", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned IDs 419633 and 565169 (BIG-IP), ID 562118 (Enterprise Manager and BIG-IQ), ID 552323 (ARX), and INSTALLER-1887 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.6.0 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n10.1.0 - 11.4.1| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP AAM| 11.6.0 \n11.4.0 - 11.5.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.4.0 - 11.4.1| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP AFM| 11.6.0 \n11.3.0 - 11.5.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.3.0 - 11.4.1| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP Analytics| 11.6.0 \n11.0.0 - 11.5.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.0.0 - 11.4.1| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP APM| 11.6.0 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP ASM| 11.6.0 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP DNS| None| 12.0.0 - 12.1.0| None| None \nNone| 12.0.0 - 12.1.0| None| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Java, iControl REST \n11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Configuration utility \nBIG-IP GTM| 11.6.0 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| 11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP Link Controller| 11.6.0 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP PEM| 11.6.0 \n11.3.0 - 11.5.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.3.0 - 11.4.1| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| High| Java, iControl REST \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| High| Configuration utility \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Java, iControl REST \n11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Configuration utility \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Java, iControl REST \n11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Configuration utility \nARX| 6.0.0 - 6.4.0| None| Low| Java \nEnterprise Manager| 3.0.0 - 3.1.1| None| High| Java \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Device| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Security| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ ADC| None| 4.5.0| High| Java \nBIG-IQ Centralized Management| None| None| Not Vulnerable| None \nBIG-IQ Cloud and Orchestration| None| None| Not Vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.0.5| 5.0.0 \n4.4.0| Low| Java\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP, Enterprise Manager, and BIG-IQ\n\n**Impact of action:** Performing the following mitigation should not have a negative impact on your system.\n\nTo mitigate this vulnerability, you can limit access to the management port, Configuration utility, and iControl REST functionality to authorized users only.\n\nTraffix SDC\n\n**Impact of action:** Performing the following mitigation should not have a negative impact on your system.\n\nAn updated JDK 1.6.60 is available from F5 via a Traffix SDC security bulletin. For more information, contact your Traffix SDC technical support representative.\n\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n", "reporter": "f5", "published": "2016-06-09T20:20:00", "title": "Java vulnerabilities CVE-2013-5825 and CVE-2013-5830 ", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2013-5830", "CVE-2013-5825"], "modified": "2017-03-14T00:49:00", "id": "F5:K48802597", "href": "https://support.f5.com/csp/article/K48802597", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:13", "references": ["https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP, Enterprise Manager, and BIG-IQ\n\n**Impact of action:** Performing the following mitigation should not have a negative impact on your system.\n\nTo mitigate this vulnerability, you can limit access to the management port, Configuration utility, and iControl REST functionality to authorized users only.\n\nTraffix SDC\n\n**Impact of action:** Performing the following mitigation should not have a negative impact on your system.\n\nAn updated JDK 1.6.60 is available from F5 via a Traffix SDC security bulletin. For more information, contact your Traffix SDC technical support representative.\n\nSupplemental Information\n\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n", "reporter": "f5", "published": "2016-06-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "f5", "title": "SOL48802597 - Java vulnerabilities CVE-2013-5825 and CVE-2013-5830", "bulletinFamily": "software", "affectedSoftware": [{"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "11.6.1", "operator": "le"}, {"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "11.6.1", "operator": "le"}, {"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "11.6.1", "operator": "le"}, {"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.4.0 HF2", "operator": "le"}, {"name": "11.4.0 - 11.4.1", "version": "12.1.0", "operator": "le"}, {"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "12.1.0", "operator": "le"}, {"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "12.1.0", "operator": "le"}, {"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "12.1.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.5.4", "operator": "le"}, {"name": "11.0.0 - 11.4.1", "version": "12.1.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.5.4", "operator": "le"}, {"name": "11.3.0 - 11.4.1", "version": "12.1.0", "operator": "le"}, {"name": "11.3.0 - 11.4.1", "version": "12.1.0", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.1.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "10.2.4", "operator": "le"}, {"name": "10.1.0 - 11.4.1", "version": "11.6.1", "operator": "le"}, {"name": "Traffix SDC", "version": "4.0.5", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.6.0", "operator": "le"}, {"name": "11.0.0 - 11.4.1", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.4.0 HF2", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP GTM", "version": "10.2.4", "operator": "le"}, {"name": "None", "version": "12.1.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "ARX", "version": "6.4.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.5.4", "operator": "le"}, {"name": "11.4.0 - 11.4.1", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.4.0 HF2", "operator": "le"}, {"name": "10.1.0 - 11.4.1", "version": "12.1.0", "operator": "le"}, {"name": "11.3.0 - 11.4.1", "version": "11.6.1", "operator": "le"}, {"name": "11.3.0 - 11.4.1", "version": "11.6.1", "operator": "le"}], "cvelist": ["CVE-2013-5830", "CVE-2013-5825"], "modified": "2016-08-01T00:00:00", "id": "SOL48802597", "href": "http://support.f5.com/kb/en-us/solutions/public/k/48/sol48802597.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:10", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 552323 (ARX) and INSTALLER-1887 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Java \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Device| 4.2.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Security| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| 4.4.0| Medium| Java\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "reporter": "f5", "published": "2016-05-26T00:02:00", "type": "f5", "title": "Java vulnerability CVE-2013-5780", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-5780"], "modified": "2017-04-06T16:51:00", "href": "https://support.f5.com/csp/article/K68942513", "id": "F5:K68942513", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-06-08T00:16:18", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 562118 (Enterprise Manager), ID 552323 (ARX) and INSTALLER-1887 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Java \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| Java \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Device| 4.2.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Security| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| 5.0.0 \n4.4.0| Low| Java\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "reporter": "f5", "published": "2016-05-24T19:32:00", "title": "Java vulnerability CVE-2013-5802", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2013-5802"], "modified": "2017-04-06T16:51:00", "id": "F5:K53316849", "href": "https://support.f5.com/csp/article/K53316849", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-21T02:16:58", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 552323 (ARX) and INSTALLER-1887 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H61275340 on the **Diagnostics** &gt; **Identified** &gt; **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Java \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Device| 4.2.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Security| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| 5.0.0 \n4.4.0| Low| Java\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "reporter": "f5", "published": "2016-06-20T22:12:00", "title": "Java vulnerability CVE-2013-5823", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-5823"], "modified": "2017-04-06T16:50:00", "href": "https://support.f5.com/csp/article/K61275340", "id": "F5:K61275340", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:38", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 562118 (Enterprise Manager) and ID 552323 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Java \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| Java \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.4.0| 4.5.0| High| Java \nBIG-IQ Device| 4.2.0 - 4.4.0| 4.5.0| High| Java \nBIG-IQ Security| 4.0.0 - 4.4.0| 4.5.0| High| Java \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "reporter": "f5", "published": "2016-05-24T01:25:00", "title": "Java vulnerability CVE-2013-5782", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-5782"], "modified": "2017-03-14T00:49:00", "href": "https://support.f5.com/csp/article/K14340611", "id": "F5:K14340611", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:34", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 552323 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H78530002 on the **Diagnostics** &gt; **Identified** &gt; **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Java \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.4.0| 4.5.0| High| Java \nBIG-IQ Device| 4.2.0 - 4.4.0| 4.5.0| High| Java \nBIG-IQ Security| 4.0.0 - 4.4.0| 4.5.0| High| Java \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "reporter": "f5", "published": "2016-06-20T22:14:00", "title": "Java vulnerability CVE-2013-5803", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2013-5803"], "modified": "2017-04-06T16:50:00", "id": "F5:K78530002", "href": "https://support.f5.com/csp/article/K78530002", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:55", "references": ["https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15106.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15113.html", "https://support.f5.com/kb/en-us/solutions/public/12000/700/sol12766.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n * SOL12766: ARX hotfix matrix\n", "edition": 1, "reporter": "f5", "published": "2016-05-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "f5", "title": "SOL53316849 - Java vulnerability CVE-2013-5802", "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IQ Device", "version": "4.4.0 HF2", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.1.1", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.4.0 HF2", "operator": "le"}, {"name": "Traffix SDC", "version": "4.1.0", "operator": "le"}, {"name": "ARX", "version": "6.4.0", "operator": "le"}, {"name": "Traffix SDC", "version": "3.5.1", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.4.0 HF2", "operator": "le"}], "cvelist": ["CVE-2013-5802"], "modified": "2016-06-20T00:00:00", "id": "SOL53316849", "href": "http://support.f5.com/kb/en-us/solutions/public/k/53/sol53316849.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:29", "references": ["https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15106.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15113.html", "https://support.f5.com/kb/en-us/solutions/public/12000/700/sol12766.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n * SOL12766: ARX hotfix matrix\n", "edition": 1, "reporter": "f5", "published": "2016-05-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "f5", "title": "SOL14340611 - Java vulnerability CVE-2013-5782", "bulletinFamily": "software", "affectedSoftware": [{"name": "Enterprise Manager", "version": "3.1.1", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.4.0", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.4.0", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.4.0", "operator": "le"}, {"name": "ARX", "version": "6.4.0", "operator": "le"}], "cvelist": ["CVE-2013-5782"], "modified": "2016-06-20T00:00:00", "id": "SOL14340611", "href": "http://support.f5.com/kb/en-us/solutions/public/k/14/sol14340611.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:29", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 552323 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| \nNone| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Management GUI Java \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "reporter": "f5", "published": "2016-05-25T01:58:00", "title": "Multiple Java vulnerabilities", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-5848", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5776", "CVE-2013-5842", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5852", "CVE-2013-5789", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2017-03-14T00:49:00", "href": "https://support.f5.com/csp/article/K95313044", "id": "F5:K95313044", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:39:29", "references": ["https://bugzilla.novell.com/846999", "http://download.novell.com/patch/finder/?keywords=41b2667e06be42c5dcb1c022821e91ef"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.6-0.21.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-demo-1.7.0.6-0.21.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-demo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.6-0.21.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-1.7.0.6-0.21.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.6-0.21.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-1.7.0.6-0.21.1.i586.rpm", "packageName": "java-1_7_0-openjdk", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.6-0.21.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-devel-1.7.0.6-0.21.1.i586.rpm", "packageName": "java-1_7_0-openjdk-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.6-0.21.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-devel-1.7.0.6-0.21.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.6-0.21.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-demo-1.7.0.6-0.21.1.i586.rpm", "packageName": "java-1_7_0-openjdk-demo", "operator": "lt"}], "description": "This release updates our OpenJDK 7 support in the 2.4.x\n series with a number of security fixes and synchronises it\n with upstream development. The security issues fixed (a\n long list) can be found in the following link:\n\n <a rel=\"nofollow\" href=\"http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-O\">http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-O</a>\n ctober/025087.html\n &lt;<a rel=\"nofollow\" href=\"http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-\">http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-</a>\n October/025087.html&gt;\n", "edition": 1, "reporter": "Suse", "published": "2013-11-13T15:04:17", "title": "Security update for OpenJDK 7 (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5806", "CVE-2013-5805", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-13T15:04:17", "id": "SUSE-SU-2013:1666-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:18:18", "references": ["http://download.novell.com/patch/finder/?keywords=72ed1fe5b55bbe85bd66cb799815e617", "http://download.novell.com/patch/finder/?keywords=5081cdae28bd8b3832e528c33135eb2a", "https://bugzilla.novell.com/849212"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}], "description": "IBM Java 5 SR16-FP4 has been released which fixes lots of\n bugs and security issues.\n\n More information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n\n The following CVEs are fixed:\n CVE-2013-4041,CVE-2013-5375,CVE-2013-5372,CVE-2013-5843,CVE-\n 2013-5830,CVE-2013-5829,CVE-2013-5842,CVE-2013-5782,CVE-2013\n -5817,CVE-2013-5809,CVE-2013-5814,CVE-2013-5802,CVE-2013-580\n 4,CVE-2013-5783,CVE-2013-3829,CVE-2013-4002,CVE-2013-5774,CV\n E-2013-5825,CVE-2013-5840,CVE-2013-5801,CVE-2013-5778,CVE-20\n 13-5849,CVE-2013-5790,CVE-2013-5780,CVE-2013-5797,CVE-2013-5\n 803\n\n\n", "edition": 1, "reporter": "Suse", "published": "2013-11-14T16:04:15", "title": "Security update for IBM Java 5 (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5842", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5372", "CVE-2013-5843", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797"], "modified": "2013-11-14T16:04:15", "id": "SUSE-SU-2013:1669-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00012.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:38:36", "references": ["http://download.novell.com/patch/finder/?keywords=f509561ef73c266408b23c081a5bfd6f", "https://bugzilla.novell.com/849212", "http://download.novell.com/patch/finder/?keywords=ef51c242d9ef6e9ca30f6407189dda8b"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "IBM Java 7 SR6 has been released and fixes lots of bugs and\n security issues.\n\n More information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n", "edition": 1, "reporter": "Suse", "published": "2013-11-22T08:04:19", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for IBM Java 7 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5456", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5458", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-22T08:04:19", "id": "SUSE-SU-2013:1677-3", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00022.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:36", "references": ["http://download.novell.com/patch/finder/?keywords=ee3af08cb4368a9b3504c613b99084af", "https://bugzilla.novell.com/849212"], "affectedPackage": [{"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-SDK", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.4-0.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-SDK", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.4-0.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-JRE", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.4-0.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-SDK", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.4-0.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-JRE", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.4-0.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-JRE", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.4-0.4.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-JRE", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.4-0.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-SDK", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.4-0.4.s390.rpm", "arch": "s390", "operator": "lt"}], "description": "IBM Java 5 SR16-FP4 has been released which fixes lots of\n bugs and security issues.\n\n More information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n", "edition": 1, "reporter": "Suse", "published": "2013-11-15T00:04:35", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for IBM Java 5 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5456", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5458", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-15T00:04:35", "id": "SUSE-SU-2013:1677-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:21", "references": ["http://download.novell.com/patch/finder/?keywords=92a6b678be36dd2d8ecf92f74430bc5b", "http://download.novell.com/patch/finder/?keywords=17a9db88ef351844a3d8a3520e5c917e", "http://download.novell.com/patch/finder/?keywords=63037b81cb4f45a6e8f55663f0b31d59", "http://download.novell.com/patch/finder/?keywords=bfac4cdb47e4e4279150421690839df9", "http://download.novell.com/patch/finder/?keywords=59cacab82a07026e7b534dd6b64bd1d7", "https://bugzilla.novell.com/849212"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.14.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.9.9.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.14.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.9.9.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.9.9.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr15.0-0.9.9.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.14.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.14.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.14.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr15.0-0.14.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.14.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "ope