
Test ID: 1.3.6.1.4.1.25623.1.0.57996
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0073
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2007:0073.

IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

Vulnerabilities were discovered in the Java Runtime Environment. An
untrusted applet could use these vulnerabilities to access data from other
applets. (CVE-2006-6736, CVE-2006-6737)

Serialization flaws were discovered in the Java Runtime Environment. An
untrusted applet or application could use these flaws to elevate its
privileges. (CVE-2006-6745)

Buffer overflow vulnerabilities were discovered in the Java Runtime
Environment. An untrusted applet could use these flaws to elevate its
privileges, possibly reading and writing local files or executing local
applications. (CVE-2006-6731)

Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures.
Where an RSA key with exponent 3 is used it may be possible for an attacker
to forge a PKCS #1 v1.5 signature that would be incorrectly verified by
implementations that do not check for excess data in the RSA exponentiation
result of the signature. (CVE-2006-4339)

All users of java-ibm-1.5.0 should upgrade to these packages, which contain
IBM's 1.5.0 SR3 Java release which resolves these issues.

Please note that the packages in this erratum are identical to those we
released on January 24th 2007 in advisory RHEA-2007:0027. We have issued
this security update because when we released RHEA-2007:0027 we were not
aware that it contained fixes for security issues. If you have already
updated to those packages you will not need to apply this update.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0073.html
http://www-128.ibm.com/developerworks/java/jdk/alerts/
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score: 9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4339
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://dev2dev.bea.com/pub/advisory/238
BugTraq ID: 19849
http://www.securityfocus.com/bid/19849
BugTraq ID: 22083
http://www.securityfocus.com/bid/22083
BugTraq ID: 28276
http://www.securityfocus.com/bid/28276
Bugtraq: 20060905 rPSA-2006-0163-1 openssl openssl-scripts
http://www.securityfocus.com/archive/1/445231/100/0/threaded
Bugtraq: 20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
http://www.securityfocus.com/archive/1/445822/100/0/threaded
Bugtraq: 20070110 VMware ESX server security updates
http://www.securityfocus.com/archive/1/456546/100/200/threaded
Bugtraq: 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://www.securityfocus.com/archive/1/489739/100/0/threaded
Cert/CC Advisory: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
CERT/CC vulnerability note: VU#845620
http://www.kb.cert.org/vuls/id/845620
Cisco Security Advisory: 20061108 Multiple Vulnerabilities in OpenSSL Library
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
Cisco Security Advisory: 20061108 Multiple Vulnerabilities in OpenSSL library
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
Debian Security Information: DSA-1173
http://www.us.debian.org/security/2006/dsa-1173
Debian Security Information: DSA-1174
http://www.debian.org/security/2006/dsa-1174
FreeBSD Security Advisory: FreeBSD-SA-06:19
http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc
http://security.gentoo.org/glsa/glsa-200609-05.xml
http://security.gentoo.org/glsa/glsa-200609-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
HPdes Security Advisory: HPSBMA02250
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBTU02207
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
HPdes Security Advisory: HPSBUX02153
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
HPdes Security Advisory: HPSBUX02165
http://www.securityfocus.com/archive/1/450327/100/0/threaded
HPdes Security Advisory: HPSBUX02186
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
HPdes Security Advisory: HPSBUX02219
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
HPdes Security Advisory: SSRT061181
HPdes Security Advisory: SSRT061213
HPdes Security Advisory: SSRT061239
HPdes Security Advisory: SSRT061266
HPdes Security Advisory: SSRT061273
HPdes Security Advisory: SSRT061275
HPdes Security Advisory: SSRT071299
HPdes Security Advisory: SSRT071304
HPdes Security Advisory: SSRT090208
http://jvn.jp/en/jp/JVN51615542/index.html
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:161
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
http://www.mandriva.com/security/advisories?name=MDKSA-2006:207
http://docs.info.apple.com/article.html?artnum=307177
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://marc.info/?l=bind-announce&m=116253119512445&w=2
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
OpenBSD Security Advisory: [3.9] 20060908 011: SECURITY FIX: September 8, 2006
http://www.openbsd.org/errata.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html
http://www.osvdb.org/28549
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656
http://www.redhat.com/support/errata/RHSA-2006-0661.html
http://www.redhat.com/support/errata/RHSA-2007-0062.html
http://www.redhat.com/support/errata/RHSA-2007-0072.html
http://www.redhat.com/support/errata/RHSA-2007-0073.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://securitytracker.com/id?1016791
http://securitytracker.com/id?1017522
http://secunia.com/advisories/21709
http://secunia.com/advisories/21767
http://secunia.com/advisories/21776
http://secunia.com/advisories/21778
http://secunia.com/advisories/21785
http://secunia.com/advisories/21791
http://secunia.com/advisories/21812
http://secunia.com/advisories/21823
http://secunia.com/advisories/21846
http://secunia.com/advisories/21852
http://secunia.com/advisories/21870
http://secunia.com/advisories/21873
http://secunia.com/advisories/21906
http://secunia.com/advisories/21927
http://secunia.com/advisories/21930
http://secunia.com/advisories/21982
http://secunia.com/advisories/22036
http://secunia.com/advisories/22044
http://secunia.com/advisories/22066
http://secunia.com/advisories/22161
http://secunia.com/advisories/22226
http://secunia.com/advisories/22232
http://secunia.com/advisories/22259
http://secunia.com/advisories/22260
http://secunia.com/advisories/22284
http://secunia.com/advisories/22325
http://secunia.com/advisories/22446
http://secunia.com/advisories/22509
http://secunia.com/advisories/22513
http://secunia.com/advisories/22523
http://secunia.com/advisories/22545
http://secunia.com/advisories/22585
http://secunia.com/advisories/22671
http://secunia.com/advisories/22689
http://secunia.com/advisories/22711
http://secunia.com/advisories/22733
http://secunia.com/advisories/22758
http://secunia.com/advisories/22799
http://secunia.com/advisories/22932
http://secunia.com/advisories/22934
http://secunia.com/advisories/22936
http://secunia.com/advisories/22937
http://secunia.com/advisories/22938
http://secunia.com/advisories/22939
http://secunia.com/advisories/22940
http://secunia.com/advisories/22948
http://secunia.com/advisories/22949
http://secunia.com/advisories/23155
http://secunia.com/advisories/23455
http://secunia.com/advisories/23680
http://secunia.com/advisories/23794
http://secunia.com/advisories/23841
http://secunia.com/advisories/23915
http://secunia.com/advisories/24099
http://secunia.com/advisories/24930
http://secunia.com/advisories/24950
http://secunia.com/advisories/25284
http://secunia.com/advisories/25399
http://secunia.com/advisories/25649
http://secunia.com/advisories/26329
http://secunia.com/advisories/26893
http://secunia.com/advisories/28115
http://secunia.com/advisories/31492
http://secunia.com/advisories/38567
http://secunia.com/advisories/38568
http://secunia.com/advisories/41818
http://secunia.com/advisories/60799
SGI Security Advisory: 20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
SuSE Security Announcement: SUSE-SA:2006:055
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
SuSE Security Announcement: SUSE-SA:2006:061
http://www.novell.com/linux/security/advisories/2006_61_opera.html
SuSE Security Announcement: SUSE-SA:2007:010
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
SuSE Security Announcement: SUSE-SR:2006:026
http://www.novell.com/linux/security/advisories/2006_26_sr.html
http://www.ubuntu.com/usn/usn-339-1
http://www.vupen.com/english/advisories/2006/3453
http://www.vupen.com/english/advisories/2006/3566
http://www.vupen.com/english/advisories/2006/3730
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3793
http://www.vupen.com/english/advisories/2006/3899
http://www.vupen.com/english/advisories/2006/3936
http://www.vupen.com/english/advisories/2006/4205
http://www.vupen.com/english/advisories/2006/4206
http://www.vupen.com/english/advisories/2006/4207
http://www.vupen.com/english/advisories/2006/4216
http://www.vupen.com/english/advisories/2006/4327
http://www.vupen.com/english/advisories/2006/4329
http://www.vupen.com/english/advisories/2006/4366
http://www.vupen.com/english/advisories/2006/4417
http://www.vupen.com/english/advisories/2006/4586
http://www.vupen.com/english/advisories/2006/4744
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2006/5146
http://www.vupen.com/english/advisories/2007/0254
http://www.vupen.com/english/advisories/2007/0343
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/1815
http://www.vupen.com/english/advisories/2007/1945
http://www.vupen.com/english/advisories/2007/2163
http://www.vupen.com/english/advisories/2007/2315
http://www.vupen.com/english/advisories/2007/2783
http://www.vupen.com/english/advisories/2007/4224
http://www.vupen.com/english/advisories/2008/0905/references
http://www.vupen.com/english/advisories/2010/0366
XForce ISS Database: openssl-rsa-security-bypass(28755)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28755
Common Vulnerability Exposure (CVE) ID: CVE-2006-6731
http://dev2dev.bea.com/pub/advisory/243
BugTraq ID: 21675
http://www.securityfocus.com/bid/21675
Cert/CC Advisory: TA07-022A
http://www.us-cert.gov/cas/techalerts/TA07-022A.html
CERT/CC vulnerability note: VU#149457
http://www.kb.cert.org/vuls/id/149457
CERT/CC vulnerability note: VU#939609
http://www.kb.cert.org/vuls/id/939609
http://security.gentoo.org/glsa/glsa-200701-15.xml
http://security.gentoo.org/glsa/glsa-200702-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml
HPdes Security Advisory: HPSBUX02196
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579
HPdes Security Advisory: SSRT071318
http://scary.beasts.org/security/CESA-2005-008.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10134
http://securitytracker.com/id?1017425
http://secunia.com/advisories/23445
http://secunia.com/advisories/23650
http://secunia.com/advisories/23835
http://secunia.com/advisories/24189
http://secunia.com/advisories/24468
http://secunia.com/advisories/25283
http://secunia.com/advisories/25404
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
SuSE Security Announcement: SUSE-SA:2007:003
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html
http://www.vupen.com/english/advisories/2006/5073
http://www.vupen.com/english/advisories/2007/0936
http://www.vupen.com/english/advisories/2007/1814
Common Vulnerability Exposure (CVE) ID: CVE-2006-6736
BugTraq ID: 21674
http://www.securityfocus.com/bid/21674
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9729
http://securitytracker.com/id?1017427
http://secunia.com/advisories/23398
http://secunia.com/advisories/26049
http://secunia.com/advisories/26119
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
SuSE Security Announcement: SUSE-SA:2007:045
http://www.novell.com/linux/security/advisories/2007_45_java.html
http://www.vupen.com/english/advisories/2006/5075
Common Vulnerability Exposure (CVE) ID: CVE-2006-6737
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11087
Common Vulnerability Exposure (CVE) ID: CVE-2006-6745
http://dev2dev.bea.com/pub/advisory/240
BugTraq ID: 21673
http://www.securityfocus.com/bid/21673
CERT/CC vulnerability note: VU#102289
http://www.kb.cert.org/vuls/id/102289
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9621
http://securitytracker.com/id?1017426
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1
http://www.vupen.com/english/advisories/2006/5074
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
