Lucene search

K
redhatRedHatRHSA-2015:1091
HistoryJun 11, 2015 - 12:00 a.m.

(RHSA-2015:1091) Low: Red Hat Satellite IBM Java Runtime security update

2015-06-1100:00:00
access.redhat.com
30

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.112 Low

EPSS

Percentile

94.3%

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update corrects several security vulnerabilities in the IBM Java
Runtime Environment shipped as part of Red Hat Satellite 5. In a typical
operating environment, these are of low security risk as the runtime is not
used on untrusted applets. Further information about these flaws can be
found on the IBM Java Security alerts page, listed in the References
section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458,
CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480,
CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites
by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla
bug 1207101, linked to from the References section, for additional details
about this change.

Users of Red Hat Satellite 5.6 and 5.7 are advised to upgrade to these
updated packages, which contain the IBM Java SE 6 SR16-FP4 release. For
this update to take effect, Red Hat Satellite must be restarted
(“/usr/sbin/rhn-satellite restart”), as well as all running instances of
IBM Java.

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.112 Low

EPSS

Percentile

94.3%

Related for RHSA-2015:1091