RHEL 4 / 5 : java-1.5.0-sun (RHSA-2010:0338)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

The java-1.5.0-sun packages as shipped in Red Hat Enterprise Linux 4
Extras and 5 Supplementary contain security flaws and should not be
used.

The Red Hat Security Response Team has rated this update as having
critical security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment
and the Sun Java 5 Software Development Kit.

The java-1.5.0-sun packages are vulnerable to a number of security
flaws and should no longer be used. (CVE-2009-3555, CVE-2010-0082,
CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,
CVE-2010-0089, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093,
CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,
CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842,
CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846,
CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)

The Sun Java SE Release family 5.0 reached its End of Service Life on
November 3, 2009. The RHSA-2009:1571 update provided the final
publicly available update of version 5.0 (Update 22). Users interested
in continuing to receive critical fixes for Sun Java SE 5.0 should
contact Oracle :

http://www.sun.com/software/javaforbusiness/index.jsp

An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of
the IBM Developer Kit for Linux, which is available from the Extras
and Supplementary channels on the Red Hat Network.

Applications capable of using the Java 6 runtime can be migrated to
Java 6 on: OpenJDK (java-1.6.0-openjdk), an open source JDK included
in Red Hat Enterprise Linux 5, since 5.3
the IBM JDK, java-1.6.0-ibm

or the Sun JDK, java-1.6.0-sun.

This update removes the java-1.5.0-sun packages as they have reached
their End of Service Life.

See also :

https://www.redhat.com/security/data/cve/CVE-2009-3555.html
https://www.redhat.com/security/data/cve/CVE-2010-0082.html
https://www.redhat.com/security/data/cve/CVE-2010-0084.html
https://www.redhat.com/security/data/cve/CVE-2010-0085.html
https://www.redhat.com/security/data/cve/CVE-2010-0087.html
https://www.redhat.com/security/data/cve/CVE-2010-0088.html
https://www.redhat.com/security/data/cve/CVE-2010-0089.html
https://www.redhat.com/security/data/cve/CVE-2010-0091.html
https://www.redhat.com/security/data/cve/CVE-2010-0092.html
https://www.redhat.com/security/data/cve/CVE-2010-0093.html
https://www.redhat.com/security/data/cve/CVE-2010-0094.html
https://www.redhat.com/security/data/cve/CVE-2010-0095.html
https://www.redhat.com/security/data/cve/CVE-2010-0837.html
https://www.redhat.com/security/data/cve/CVE-2010-0838.html
https://www.redhat.com/security/data/cve/CVE-2010-0839.html
https://www.redhat.com/security/data/cve/CVE-2010-0840.html
https://www.redhat.com/security/data/cve/CVE-2010-0841.html
https://www.redhat.com/security/data/cve/CVE-2010-0842.html
https://www.redhat.com/security/data/cve/CVE-2010-0843.html
https://www.redhat.com/security/data/cve/CVE-2010-0844.html
https://www.redhat.com/security/data/cve/CVE-2010-0845.html
https://www.redhat.com/security/data/cve/CVE-2010-0846.html
https://www.redhat.com/security/data/cve/CVE-2010-0847.html
https://www.redhat.com/security/data/cve/CVE-2010-0848.html
https://www.redhat.com/security/data/cve/CVE-2010-0849.html
http://www.nessus.org/u?87fbe7cc
http://rhn.redhat.com/errata/RHSA-2010-0338.html

Solution :

Update the affected java-1.5.0-sun-uninstall package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true