RHSA-2009:1571: java-1.5.0-sun security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | November 04, 2009 | November 11, 2009 | September 08, 2015 |
Available Exploits 
Description
The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment andthe Sun Java 5 Software Development Kit.This update fixes several vulnerabilities in the Sun Java 5 RuntimeEnvironment and the Sun Java 5 Software Development Kit. Thesevulnerabilities are summarized on the "Advance notification of SecurityUpdates for Java SE" page from Sun Microsystems, listed in the Referencessection. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3873, CVE-2009-3876,CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,CVE-2009-3883, CVE-2009-3884)Note: This is the final update for the java-1.5.0-sun packages, as the SunJava SE Release family 5.0 has now reached End of Service Life. The nextupdate will remove the java-1.5.0-sun packages.An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of theIBM Developer Kit for Linux, which is available from the Extras andSupplementary channels on the Red Hat Network. For users of applicationsthat are capable of using the Java 6 runtime, the OpenJDK open source JDKis included in Red Hat Enterprise Linux 5 (since 5.3) and is supported byRed Hat.Users of java-1.5.0-sun should upgrade to these updated packages, whichcorrect these issues. All running instances of Sun Java must be restartedfor the update to take effect.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
- APPLE-APPLE-SA-2009-11-09-1
- APPLE-APPLE-SA-2009-12-03-1
- APPLE-APPLE-SA-2009-12-03-2
- BID-36881
- CVE-2009-2409
- CVE-2009-3728
- CVE-2009-3867
- CVE-2009-3868
- CVE-2009-3869
- CVE-2009-3871
- CVE-2009-3873
- CVE-2009-3874
- CVE-2009-3875
- CVE-2009-3876
- CVE-2009-3877
- CVE-2009-3879
- CVE-2009-3880
- CVE-2009-3881
- CVE-2009-3882
- CVE-2009-3883
- CVE-2009-3884
- DEBIAN-DSA-1874
- DEBIAN-DSA-1888
- OVAL-OVAL10191
- OVAL-OVAL10328
- OVAL-OVAL10469
- OVAL-OVAL10520
- OVAL-OVAL10741
- OVAL-OVAL10761
- OVAL-OVAL10763
- OVAL-OVAL11262
- OVAL-OVAL11484
- OVAL-OVAL11566
- OVAL-OVAL11686
- OVAL-OVAL11746
- OVAL-OVAL11834
- OVAL-OVAL11847
- OVAL-OVAL11903
- OVAL-OVAL11934
- OVAL-OVAL12057
- OVAL-OVAL12112
- OVAL-OVAL12134
- OVAL-OVAL12232
- OVAL-OVAL6631
- OVAL-OVAL6657
- OVAL-OVAL6698
- OVAL-OVAL6746
- OVAL-OVAL6786
- OVAL-OVAL6805
- OVAL-OVAL6906
- OVAL-OVAL6960
- OVAL-OVAL6968
- OVAL-OVAL6970
- OVAL-OVAL7148
- OVAL-OVAL7155
- OVAL-OVAL7300
- OVAL-OVAL7316
- OVAL-OVAL7400
- OVAL-OVAL7442
- OVAL-OVAL7545
- OVAL-OVAL7549
- OVAL-OVAL7750
- OVAL-OVAL7913
- OVAL-OVAL8275
- OVAL-OVAL8330
- OVAL-OVAL8396
- OVAL-OVAL8566
- OVAL-OVAL8594
- OVAL-OVAL8603
- OVAL-OVAL8608
- OVAL-OVAL8622
- OVAL-OVAL8841
- OVAL-OVAL9360
- OVAL-OVAL9568
- OVAL-OVAL9602
- REDHAT-RHSA-2009:1207
- REDHAT-RHSA-2009:1432
- REDHAT-RHSA-2009:1571
- REDHAT-RHSA-2009:1694
- REDHAT-RHSA-2010:0095
- SUSE-SUSE-SA:2009:058
Solution
linuxrpm-upgrade-rhel40-ix86-java-1_5_0-sunRelated Vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2009-3883
- Apple Java security update for CVE-2009-3872
- JRE Deployment Toolkit Vulnerability
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3871)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3867)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3882)
- JRE DER Decoding Denial of Service
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3871)
- RHSA-2009:1184: nspr and nss security and bug fix update
- USN-830-1: OpenSSL vulnerability
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3866)
- SUSE Linux Security Vulnerability: CVE-2009-3868
- JRE Non-English Update Flaw
- Cent OS: CVE-2009-3869: CESA-2009:1584 (java-1.6.0-openjdk)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3728)
- JRE Audio and Image File Buffer and Integer Overflow Vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2009-3876
- SUSE Linux Security Vulnerability: CVE-2009-3881
- ELSA-2010-0163 Moderate: Enterprise Linux openssl security update
- USN-809-1: GnuTLS vulnerabilities
- USN-810-1: NSS vulnerabilities
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3865)
- Apple Java security update for CVE-2009-3865
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3876)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3874)
- Apple Java security update for CVE-2009-3884
- RHSA-2009:1584: java-1.6.0-openjdk security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3879)
- Apple Java security update for CVE-2009-3875
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3868)
- Apple Java security update for CVE-2009-3877
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3873)
- SUSE Linux Security Vulnerability: CVE-2009-3874
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3875)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3869)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3867)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3864)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3877)
- SUSE Linux Security Vulnerability: CVE-2009-3865
- Cent OS: CVE-2009-3873: CESA-2009:1584 (java-1.6.0-openjdk)
- Apple Java security update for CVE-2009-3871
- ELSA-2010-0054 Moderate: Enterprise Linux openssl security update
- SUSE Linux Security Vulnerability: CVE-2009-3875
- SUSE Linux Security Vulnerability: CVE-2009-3882
- ELSA-2010-0166 Moderate: Enterprise Linux gnutls security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3868)
- RHSA-2010:0163: openssl security update
- RHSA-2009:1207: nspr and nss security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3880)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3875)
- RHSA-2010:0166: gnutls security update
- Cent OS: CVE-2009-3875: CESA-2009:1584 (java-1.6.0-openjdk)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3866)
- Cent OS: CVE-2009-3874: CESA-2009:1584 (java-1.6.0-openjdk)
- SUSE Linux Security Vulnerability: CVE-2009-3877
- RHSA-2009:1694: java-1.6.0-ibm security update
- SUSE Linux Security Vulnerability: CVE-2009-3884
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3872)
- RHSA-2009:1560: java-1.6.0-sun security update
- Sun Patch: SunOS 5.10_x86: openssl patch
- SUSE Linux Security Vulnerability: CVE-2009-3728
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3883)
- Cent OS: CVE-2009-3871: CESA-2009:1584 (java-1.6.0-openjdk)
- SUSE Linux Security Vulnerability: CVE-2009-3871
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3872)
- Apple Java security update for CVE-2009-3728
- VMSA-2010-0015.1: Service Console update (CVE-2009-2409)
- RHSA-2009:1647: java-1.5.0-ibm security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3873)
- JRE Timing Attack
- SUSE Linux Security Vulnerability: CVE-2009-3873
- Apple Java security update for CVE-2009-3873
- JRE Multiple Overflows
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3884)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3869)
- RHSA-2009:1190: nspr and nss security and bug fix update
- RHSA-2010:0054: openssl security update
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3880)
- RHSA-2010:0043: Red Hat Network Satellite Server IBM Java Runtime security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3884)
- Apple Java security update for CVE-2009-3874
- Apple Java security update for CVE-2009-3866
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3864)
- USN-859-1: OpenJDK vulnerabilities
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3881)
- Apple Java security update for CVE-2009-3868
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3874)
- JRE HMAC Digest Flaw
- RHSA-2009:1662: Red Hat Network Satellite Server Sun Java Runtime security update
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3876)
- JRE Untrusted Application Privilege Escalation Vulnerability
- SUSE Linux Security Vulnerability: CVE-2009-3866
- RHSA-2009:1551: java-1.4.2-ibm security update
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3728)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3879)
- RHSA-2010:0408: java-1.4.2-ibm security update
- SUSE Linux Security Vulnerability: CVE-2009-3864
- RHSA-2009:1643: java-1.4.2-ibm security update
- SUSE Linux Security Vulnerability: CVE-2009-3879
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3882)