RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0264) (POODLE)

Critical Nessus Plugin ID 81505

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Satellite 5.6.

Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.

Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2014-3065, CVE-2014-3068, CVE-2014-3566, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412)

The CVE-2014-4262 and CVE-2014-6512 issues were discovered by Florian Weimer of Red Hat Product Security.

Users of Red Hat Satellite 5.6 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP3 release. For this update to take effect, Red Hat Satellite must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.

Solution

Update the affected java-1.6.0-ibm and / or java-1.6.0-ibm-devel packages.

See Also

https://developer.ibm.com/javasdk/support/security-vulnerabilities/

https://access.redhat.com/errata/RHSA-2015:0264

https://access.redhat.com/security/cve/cve-2014-4262

https://access.redhat.com/security/cve/cve-2014-4263

https://access.redhat.com/security/cve/cve-2014-4252

https://access.redhat.com/security/cve/cve-2014-4244

https://access.redhat.com/security/cve/cve-2014-4219

https://access.redhat.com/security/cve/cve-2014-4218

https://access.redhat.com/security/cve/cve-2014-4209

https://access.redhat.com/security/cve/cve-2014-4265

https://access.redhat.com/security/cve/cve-2014-4227

https://access.redhat.com/security/cve/cve-2014-6502

https://access.redhat.com/security/cve/cve-2014-6457

https://access.redhat.com/security/cve/cve-2014-6506

https://access.redhat.com/security/cve/cve-2014-6531

https://access.redhat.com/security/cve/cve-2014-6558

https://access.redhat.com/security/cve/cve-2014-6511

https://access.redhat.com/security/cve/cve-2014-6512

https://access.redhat.com/security/cve/cve-2014-6503

https://access.redhat.com/security/cve/cve-2014-6532

https://access.redhat.com/security/cve/cve-2014-4288

https://access.redhat.com/security/cve/cve-2014-6458

https://access.redhat.com/security/cve/cve-2014-6493

https://access.redhat.com/security/cve/cve-2014-6492

https://access.redhat.com/security/cve/cve-2014-6515

https://access.redhat.com/security/cve/cve-2014-3566

https://access.redhat.com/security/cve/cve-2014-3065

https://access.redhat.com/security/cve/cve-2014-3068

https://access.redhat.com/security/cve/cve-2015-0406

https://access.redhat.com/security/cve/cve-2015-0403

https://access.redhat.com/security/cve/cve-2015-0408

https://access.redhat.com/security/cve/cve-2015-0407

https://access.redhat.com/security/cve/cve-2015-0395

https://access.redhat.com/security/cve/cve-2015-0410

https://access.redhat.com/security/cve/cve-2014-6591

https://access.redhat.com/security/cve/cve-2014-6593

https://access.redhat.com/security/cve/cve-2014-6587

https://access.redhat.com/security/cve/cve-2015-0412

https://access.redhat.com/security/cve/cve-2014-6585

https://access.redhat.com/security/cve/cve-2014-8892

https://access.redhat.com/security/cve/cve-2014-8891

Plugin Details

Severity: Critical

ID: 81505

File Name: redhat-RHSA-2015-0264.nasl

Version: 1.22

Type: local

Agent: unix

Published: 2015/02/25

Updated: 2018/12/27

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 6.8

Temporal Score: 6.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/02/24

Reference Information

CVE: CVE-2014-3065, CVE-2014-3068, CVE-2014-3566, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412

BID: 73258, 73259

RHSA: 2015:0264