Rapid7 Vulnerability & Exploit Database

RHSA-2009:1571: java-1.5.0-sun security update

Back to Search

RHSA-2009:1571: java-1.5.0-sun security update



The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment andthe Sun Java 5 Software Development Kit.This update fixes several vulnerabilities in the Sun Java 5 RuntimeEnvironment and the Sun Java 5 Software Development Kit. Thesevulnerabilities are summarized on the "Advance notification of SecurityUpdates for Java SE" page from Sun Microsystems, listed in the Referencessection. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3873, CVE-2009-3876,CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,CVE-2009-3883, CVE-2009-3884)Note: This is the final update for the java-1.5.0-sun packages, as the SunJava SE Release family 5.0 has now reached End of Service Life. The nextupdate will remove the java-1.5.0-sun packages.An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of theIBM Developer Kit for Linux, which is available from the Extras andSupplementary channels on the Red Hat Network. For users of applicationsthat are capable of using the Java 6 runtime, the OpenJDK open source JDKis included in Red Hat Enterprise Linux 5 (since 5.3) and is supported byRed Hat.Users of java-1.5.0-sun should upgrade to these updated packages, whichcorrect these issues. All running instances of Sun Java must be restartedfor the update to take effect.


  • redhat-upgrade-java-1-5-0-sun
  • redhat-upgrade-java-1-5-0-sun-demo
  • redhat-upgrade-java-1-5-0-sun-devel
  • redhat-upgrade-java-1-5-0-sun-jdbc
  • redhat-upgrade-java-1-5-0-sun-plugin
  • redhat-upgrade-java-1-5-0-sun-src

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center