Detections
Analytics
RHEL 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0263)
critical Nessus Plugin ID 81504
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Satellite 5.7.Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.7. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.
Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412)
Users of Red Hat Satellite 5.7 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP3 release. For this update to take effect, Red Hat Satellite must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.
Solution
Update the affected java-1.6.0-ibm and / or java-1.6.0-ibm-devel packages.See Also
https://developer.ibm.com/javasdk/support/security-vulnerabilities/
https://access.redhat.com/errata/RHSA-2015:0263
https://access.redhat.com/security/cve/cve-2015-0406
https://access.redhat.com/security/cve/cve-2015-0403
https://access.redhat.com/security/cve/cve-2015-0408
https://access.redhat.com/security/cve/cve-2015-0407
https://access.redhat.com/security/cve/cve-2015-0395
https://access.redhat.com/security/cve/cve-2015-0410
https://access.redhat.com/security/cve/cve-2014-6591
https://access.redhat.com/security/cve/cve-2014-6593
https://access.redhat.com/security/cve/cve-2014-6587
https://access.redhat.com/security/cve/cve-2015-0412
https://access.redhat.com/security/cve/cve-2014-6585
Plugin Details
Severity: Critical
ID: 81504
File Name: redhat-RHSA-2015-0263.nasl
Version: 1.15
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 2/25/2015
Updated: 10/24/2019
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/24/2015
Vulnerability Publication Date: 1/21/2015
Reference Information
CVE: CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412
RHSA: 2015:0263