Test ID:	1.3.6.1.4.1.25623.1.0.63869
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:0445
Summary:	The remote host is missing updates announced in;advisory RHSA-2009:0445.;;The IBM 1.4.2 SR13 Java release includes the IBM Java 2 Runtime;Environment and the IBM Java 2 Software Development Kit.;;This update fixes several vulnerabilities in the IBM Java 2 Runtime;Environment and the IBM Java 2 Software Development Kit. These;vulnerabilities are summarized on the IBM Security alerts page listed in;the References section. (CVE-2008-2086, CVE-2008-5339, CVE-2008-5340,;CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346,;CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354,;CVE-2008-5359, CVE-2008-5360);;All users of java-1.4.2-ibm are advised to upgrade to these updated;packages, which contain the IBM 1.4.2 SR13 Java release. All running;instances of IBM Java must be restarted for the update to take effect.
Description:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0445. The IBM 1.4.2 SR13 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM Security alerts page listed in the References section. (CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354, CVE-2008-5359, CVE-2008-5360) All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13 Java release. All running instances of IBM Java must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2086 http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html BugTraq ID: 32620 http://www.securityfocus.com/bid/32620 Bugtraq: 20081204 CVE-2008-2086: Java Web Start File Inclusion via System PropertiesOverride (Google Search) http://www.securityfocus.com/archive/1/498907/100/0/threaded Cert/CC Advisory: TA08-340A http://www.us-cert.gov/cas/techalerts/TA08-340A.html http://security.gentoo.org/glsa/glsa-200911-02.xml HPdes Security Advisory: HPSBMA02486 http://marc.info/?l=bugtraq&m=126583436323697&w=2 HPdes Security Advisory: HPSBUX02411 http://marc.info/?l=bugtraq&m=123678756409861&w=2 HPdes Security Advisory: SSRT080111 HPdes Security Advisory: SSRT090049 http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt http://osvdb.org/50510 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5601 RedHat Security Advisories: RHSA-2008:1018 RedHat Security Advisories: RHSA-2008:1025 http://rhn.redhat.com/errata/RHSA-2008-1025.html http://www.redhat.com/support/errata/RHSA-2009-0015.html http://www.redhat.com/support/errata/RHSA-2009-0016.html http://www.redhat.com/support/errata/RHSA-2009-0445.html http://www.securitytracker.com/id?1021318 http://secunia.com/advisories/32991 http://secunia.com/advisories/33015 http://secunia.com/advisories/33528 http://secunia.com/advisories/33710 http://secunia.com/advisories/34233 http://secunia.com/advisories/34605 http://secunia.com/advisories/34889 http://secunia.com/advisories/35065 http://secunia.com/advisories/37386 http://secunia.com/advisories/38539 http://securityreason.com/securityalert/4693 http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1 SuSE Security Announcement: SUSE-SA:2009:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html SuSE Security Announcement: SUSE-SA:2009:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html SuSE Security Announcement: SUSE-SR:2009:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://www.vupen.com/english/advisories/2009/0424 http://www.vupen.com/english/advisories/2009/0672 Common Vulnerability Exposure (CVE) ID: CVE-2008-5339 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6409 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://www.vupen.com/english/advisories/2008/3339 Common Vulnerability Exposure (CVE) ID: CVE-2008-5340 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6627 http://www.redhat.com/support/errata/RHSA-2009-0369.html http://secunia.com/advisories/34447 Common Vulnerability Exposure (CVE) ID: CVE-2008-5342 http://osvdb.org/50514 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6359 Common Vulnerability Exposure (CVE) ID: CVE-2008-5343 BugTraq ID: 32892 http://www.securityfocus.com/bid/32892 http://xs-sniper.com/blog/2008/12/17/sun-fixes-gifars/ http://osvdb.org/50512 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5924 Common Vulnerability Exposure (CVE) ID: CVE-2008-5344 http://osvdb.org/50513 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6249 XForce ISS Database: jre-appletclass-security-bypass(47057) https://exchange.xforce.ibmcloud.com/vulnerabilities/47057 Common Vulnerability Exposure (CVE) ID: CVE-2008-5345 http://osvdb.org/50508 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6059 RedHat Security Advisories: RHSA-2009:0466 https://rhn.redhat.com/errata/RHSA-2009-0466.html http://www.securitytracker.com/id?1021305 http://secunia.com/advisories/34972 http://sunsolve.sun.com/search/document.do?assetkey=1-26-246387-1 Common Vulnerability Exposure (CVE) ID: CVE-2008-5346 http://osvdb.org/50507 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6629 http://www.securitytracker.com/id?1021306 http://sunsolve.sun.com/search/document.do?assetkey=1-26-246386-1 Common Vulnerability Exposure (CVE) ID: CVE-2008-5348 BugTraq ID: 32608 http://www.securityfocus.com/bid/32608 http://osvdb.org/50505 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6549 http://secunia.com/advisories/33709 http://secunia.com/advisories/34259 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019797.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-246346-1 SuSE Security Announcement: SUSE-SR:2009:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html Common Vulnerability Exposure (CVE) ID: CVE-2008-5350 http://osvdb.org/50503 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6424 http://www.securitytracker.com/id?1021310 http://sunsolve.sun.com/search/document.do?assetkey=1-26-246266-1 Common Vulnerability Exposure (CVE) ID: CVE-2008-5351 http://osvdb.org/50502 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6212 http://www.securitytracker.com/id?1021311 http://sunsolve.sun.com/search/document.do?assetkey=1-26-245246-1 Common Vulnerability Exposure (CVE) ID: CVE-2008-5353 Bugtraq: 20090524 Hardening OSX against CVE-2008-5353 (Google Search) http://www.securityfocus.com/archive/1/503797/100/0/threaded http://blog.cr0.org/2009/05/write-once-own-everyone.html http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html http://osvdb.org/50500 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6511 http://www.securitytracker.com/id?1021313 http://secunia.com/advisories/35118 http://sunsolve.sun.com/search/document.do?assetkey=1-26-244991-1 http://www.vupen.com/english/advisories/2009/1391 Common Vulnerability Exposure (CVE) ID: CVE-2008-5354 http://www.ximido.de/research/advisories/SM_Java-BO_200811.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6537 http://sunsolve.sun.com/search/document.do?assetkey=1-26-244990-1 XForce ISS Database: jre-commandline-privilege-escalation(47060) https://exchange.xforce.ibmcloud.com/vulnerabilities/47060 Common Vulnerability Exposure (CVE) ID: CVE-2008-5359 http://www.zerodayinitiative.com/advisories/ZDI-08-080/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5841 http://secunia.com/advisories/33187 http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1 XForce ISS Database: jre-image-processing-privilege-escalation(47048) https://exchange.xforce.ibmcloud.com/vulnerabilities/47048 Common Vulnerability Exposure (CVE) ID: CVE-2008-5360 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6596 http://www.securitytracker.com/id?1021316 http://sunsolve.sun.com/search/document.do?assetkey=1-26-244986-1 XForce ISS Database: jre-guessable-file-unauth-access(47045) https://exchange.xforce.ibmcloud.com/vulnerabilities/47045
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.