Detections
Analytics
RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1793)
critical Nessus Plugin ID 78984
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4, 5.5 and 5.6.The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5 and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.
Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5457, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851)
Users of Red Hat Network Satellite Server 5.4, 5.5 and 5.6 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR15 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.
Solution
Update the affected java-1.6.0-ibm and / or java-1.6.0-ibm-devel packages.See Also
https://developer.ibm.com/javasdk/support/security-vulnerabilities/
https://access.redhat.com/errata/RHSA-2013:1793
https://access.redhat.com/security/cve/cve-2013-5812
https://access.redhat.com/security/cve/cve-2013-5814
https://access.redhat.com/security/cve/cve-2013-5817
https://access.redhat.com/security/cve/cve-2013-5819
https://access.redhat.com/security/cve/cve-2013-5797
https://access.redhat.com/security/cve/cve-2013-5851
https://access.redhat.com/security/cve/cve-2013-5850
https://access.redhat.com/security/cve/cve-2013-3829
https://access.redhat.com/security/cve/cve-2013-5843
https://access.redhat.com/security/cve/cve-2013-5848
https://access.redhat.com/security/cve/cve-2013-5829
https://access.redhat.com/security/cve/cve-2013-5818
https://access.redhat.com/security/cve/cve-2013-5820
https://access.redhat.com/security/cve/cve-2013-5823
https://access.redhat.com/security/cve/cve-2013-5824
https://access.redhat.com/security/cve/cve-2013-5825
https://access.redhat.com/security/cve/cve-2013-5802
https://access.redhat.com/security/cve/cve-2013-5803
https://access.redhat.com/security/cve/cve-2013-5801
https://access.redhat.com/security/cve/cve-2013-5789
https://access.redhat.com/security/cve/cve-2013-5804
https://access.redhat.com/security/cve/cve-2013-5849
https://access.redhat.com/security/cve/cve-2013-5784
https://access.redhat.com/security/cve/cve-2013-5787
https://access.redhat.com/security/cve/cve-2013-5809
https://access.redhat.com/security/cve/cve-2013-5842
https://access.redhat.com/security/cve/cve-2013-5780
https://access.redhat.com/security/cve/cve-2013-5783
https://access.redhat.com/security/cve/cve-2013-5782
https://access.redhat.com/security/cve/cve-2013-5840
https://access.redhat.com/security/cve/cve-2013-5772
https://access.redhat.com/security/cve/cve-2013-5774
https://access.redhat.com/security/cve/cve-2013-5776
https://access.redhat.com/security/cve/cve-2013-5778
https://access.redhat.com/security/cve/cve-2013-5832
https://access.redhat.com/security/cve/cve-2013-5831
https://access.redhat.com/security/cve/cve-2013-5830
https://access.redhat.com/security/cve/cve-2013-5375
https://access.redhat.com/security/cve/cve-2013-5372
Plugin Details
Severity: Critical
ID: 78984
File Name: redhat-RHSA-2013-1793.nasl
Version: 1.14
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 11/8/2014
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:6
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 12/5/2013
Vulnerability Publication Date: 10/16/2013
Reference Information
CVE: CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5457, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851
RHSA: 2013:1793