RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated java-1.6.0-sun packages that correct several security issues
are now available for Red Hat Enterprise Linux 4 Extras and 5
Supplementary.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

The Java Runtime Environment (JRE) contains the software and tools
that users need to run applets and applications written using the Java
programming language.

A vulnerability was found in in Java Web Start. If a user visits a
malicious website, an attacker could misuse this flaw to execute
arbitrary code. (CVE-2008-2086)

Additionally, these packages fix several other critical
vulnerabilities. These are summarized in the 'Advance notification of
Security Updates for Java SE' from Sun Microsystems.

Users of java-1.6.0-sun should upgrade to these updated packages,
which correct these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2008-2086.html
https://www.redhat.com/security/data/cve/CVE-2008-5339.html
https://www.redhat.com/security/data/cve/CVE-2008-5340.html
https://www.redhat.com/security/data/cve/CVE-2008-5341.html
https://www.redhat.com/security/data/cve/CVE-2008-5342.html
https://www.redhat.com/security/data/cve/CVE-2008-5343.html
https://www.redhat.com/security/data/cve/CVE-2008-5344.html
https://www.redhat.com/security/data/cve/CVE-2008-5345.html
https://www.redhat.com/security/data/cve/CVE-2008-5347.html
https://www.redhat.com/security/data/cve/CVE-2008-5348.html
https://www.redhat.com/security/data/cve/CVE-2008-5349.html
https://www.redhat.com/security/data/cve/CVE-2008-5350.html
https://www.redhat.com/security/data/cve/CVE-2008-5351.html
https://www.redhat.com/security/data/cve/CVE-2008-5352.html
https://www.redhat.com/security/data/cve/CVE-2008-5353.html
https://www.redhat.com/security/data/cve/CVE-2008-5354.html
https://www.redhat.com/security/data/cve/CVE-2008-5356.html
https://www.redhat.com/security/data/cve/CVE-2008-5357.html
https://www.redhat.com/security/data/cve/CVE-2008-5358.html
https://www.redhat.com/security/data/cve/CVE-2008-5359.html
https://www.redhat.com/security/data/cve/CVE-2008-5360.html
http://www.nessus.org/u?c8d7aabf
http://rhn.redhat.com/errata/RHSA-2008-1018.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true