RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:0857)
critical Nessus Plugin ID 82909
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492)
The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 79 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Solution
Update the affected packages.See Also
http://www.nessus.org/u?ef68d9ef
https://access.redhat.com/errata/RHSA-2015:0857
https://access.redhat.com/security/cve/cve-2005-1080
https://access.redhat.com/security/cve/cve-2015-0458
https://access.redhat.com/security/cve/cve-2015-0459
https://access.redhat.com/security/cve/cve-2015-0460
https://access.redhat.com/security/cve/cve-2015-0469
https://access.redhat.com/security/cve/cve-2015-0477
https://access.redhat.com/security/cve/cve-2015-0478
https://access.redhat.com/security/cve/cve-2015-0480
https://access.redhat.com/security/cve/cve-2015-0484
https://access.redhat.com/security/cve/cve-2015-0488
Plugin Details
Severity: Critical
ID: 82909
File Name: redhat-RHSA-2015-0857.nasl
Version: 1.11
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 4/21/2015
Updated: 10/24/2019
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent
Risk Information
VPR
Risk Factor: High
Score: 7.3
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle, p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel, p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx, p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc, p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin, p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:6.6, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:7.1
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 4/20/2015
Reference Information
CVE: CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492
BID: 13083, 74072, 74083, 74094, 74097, 74104, 74111, 74119, 74129, 74135, 74141, 74147
RHSA: 2015:0857