This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
An update for java-1.6.0-openjdk is now available for Red Hat
Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
Security Fix(es) :
* An insufficient bytecode verification flaw was discovered in the
Hotspot component in OpenJDK. An untrusted Java application or applet
could use this flaw to completely bypass Java sandbox restrictions.
* Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application
using JAXP to consume an excessive amount of CPU and memory when
parsed. (CVE-2016-3500, CVE-2016-3508)
* Multiple flaws were found in the CORBA and Hotsport components in
OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2016-3458,
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false