Rapid7 Vulnerability & Exploit Database

RHSA-2010:0337: java-1.6.0-sun security update

Back to Search

RHSA-2010:0337: java-1.6.0-sun security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
04/01/2010
Created
07/25/2018
Added
04/06/2010
Modified
07/04/2017

Description

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment andthe Sun Java 6 Software Development Kit.This update fixes several vulnerabilities in the Sun Java 6 RuntimeEnvironment and the Sun Java 6 Software Development Kit. Furtherinformation about these flaws can be found on the "Oracle Java SE and Javafor Business Critical Patch Update Advisory" page, listed in theReferences section. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090,CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095,CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846,CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)For the CVE-2009-3555 issue, this update disables renegotiation in the JavaSecure Socket Extension (JSSE) component. Unsafe renegotiation can bere-enabled using the sun.security.ssl.allowUnsafeRenegotiation property.Refer to the following Knowledgebase article for details:http://kbase.redhat.com/faq/docs/DOC-20491Users of java-1.6.0-sun should upgrade to these updated packages, whichcorrect these issues. All running instances of Sun Java must be restartedfor the update to take effect.

Solution(s)

  • redhat-upgrade-java-1-6-0-sun
  • redhat-upgrade-java-1-6-0-sun-demo
  • redhat-upgrade-java-1-6-0-sun-devel
  • redhat-upgrade-java-1-6-0-sun-jdbc
  • redhat-upgrade-java-1-6-0-sun-plugin
  • redhat-upgrade-java-1-6-0-sun-src

References

  • redhat-upgrade-java-1-6-0-sun
  • redhat-upgrade-java-1-6-0-sun-demo
  • redhat-upgrade-java-1-6-0-sun-devel
  • redhat-upgrade-java-1-6-0-sun-jdbc
  • redhat-upgrade-java-1-6-0-sun-plugin
  • redhat-upgrade-java-1-6-0-sun-src

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;