RHEL 5 / 6 : java-1.7.0-ibm and java-1.7.1-ibm (RHSA-2016:1430) (SLOTH)
critical Nessus Plugin ID 92400
Language:
New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.
VPR Score: 7.3
Synopsis
The remote Red Hat host is missing one or more security updates.Description
An update for java-1.7.0-ibm and java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40.
Security Fix(es) :
* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)
Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue.
Solution
Update the affected packages.See Also
https://access.redhat.com/errata/RHSA-2016:1430
https://access.redhat.com/security/cve/cve-2015-4734
https://access.redhat.com/security/cve/cve-2015-4803
https://access.redhat.com/security/cve/cve-2015-4805
https://access.redhat.com/security/cve/cve-2015-4806
https://access.redhat.com/security/cve/cve-2015-4810
https://access.redhat.com/security/cve/cve-2015-4835
https://access.redhat.com/security/cve/cve-2015-4840
https://access.redhat.com/security/cve/cve-2015-4842
https://access.redhat.com/security/cve/cve-2015-4843
https://access.redhat.com/security/cve/cve-2015-4844
https://access.redhat.com/security/cve/cve-2015-4860
https://access.redhat.com/security/cve/cve-2015-4871
https://access.redhat.com/security/cve/cve-2015-4872
https://access.redhat.com/security/cve/cve-2015-4882
https://access.redhat.com/security/cve/cve-2015-4883
https://access.redhat.com/security/cve/cve-2015-4893
https://access.redhat.com/security/cve/cve-2015-4902
https://access.redhat.com/security/cve/cve-2015-4903
https://access.redhat.com/security/cve/cve-2015-5006
https://access.redhat.com/security/cve/cve-2015-5041
https://access.redhat.com/security/cve/cve-2015-7575
https://access.redhat.com/security/cve/cve-2015-7981
https://access.redhat.com/security/cve/cve-2015-8126
https://access.redhat.com/security/cve/cve-2015-8472
https://access.redhat.com/security/cve/cve-2015-8540
https://access.redhat.com/security/cve/cve-2016-0264
https://access.redhat.com/security/cve/cve-2016-0363
https://access.redhat.com/security/cve/cve-2016-0376
https://access.redhat.com/security/cve/cve-2016-0402
https://access.redhat.com/security/cve/cve-2016-0448
https://access.redhat.com/security/cve/cve-2016-0466
https://access.redhat.com/security/cve/cve-2016-0483
https://access.redhat.com/security/cve/cve-2016-0494
https://access.redhat.com/security/cve/cve-2016-0686
https://access.redhat.com/security/cve/cve-2016-0687
https://access.redhat.com/security/cve/cve-2016-3422
https://access.redhat.com/security/cve/cve-2016-3426
https://access.redhat.com/security/cve/cve-2016-3427
Plugin Details
Severity: Critical
ID: 92400
File Name: redhat-RHSA-2016-1430.nasl
Version: 2.14
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 7/19/2016
Updated: 10/24/2019
Dependencies: 12634
Risk Information
Risk Factor: Critical
VPR Score: 7.3
CVSS v2.0
Base Score: 10
Temporal Score: 7.4
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: E:U/RL:OF/RC:C
CVSS v3.0
Base Score: 9.6
Temporal Score: 8.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm, p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-devel, p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm, p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel, p-cpe:/a:redhat:enterprise_linux:spacewalk-java, p-cpe:/a:redhat:enterprise_linux:spacewalk-java-config, p-cpe:/a:redhat:enterprise_linux:spacewalk-java-lib, p-cpe:/a:redhat:enterprise_linux:spacewalk-java-oracle, p-cpe:/a:redhat:enterprise_linux:spacewalk-java-postgresql, p-cpe:/a:redhat:enterprise_linux:spacewalk-taskomatic, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:6
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 7/18/2016
Vulnerability Publication Date: 10/21/2015
Reference Information
CVE: CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
RHSA: 2016:1430