RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2009:1505)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated java-1.4.2-ibm packages that fix two security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise
Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

The IBM 1.4.2 SR13-FP1 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.

This update fixes two vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. These
vulnerabilities are summarized on the IBM 'Security alerts' page
listed in the References section. (CVE-2008-5349, CVE-2009-2625)

All users of java-1.4.2-ibm are advised to upgrade to these updated
packages, which contain the IBM 1.4.2 SR13-FP1 Java release. All
running instances of IBM Java must be restarted for this update to
take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2008-5349.html
https://www.redhat.com/security/data/cve/CVE-2009-2625.html
http://www.ibm.com/developerworks/java/jdk/alerts/
http://rhn.redhat.com/errata/RHSA-2009-1505.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 42135 ()

Bugtraq ID: 35958

CVE ID: CVE-2008-5349
CVE-2009-2625