Rapid7 Vulnerability & Exploit Database

RHSA-2010:0338: java-1.5.0-sun security update

Back to Search

RHSA-2010:0338: java-1.5.0-sun security update



The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment andthe Sun Java 5 Software Development Kit.The java-1.5.0-sun packages are vulnerable to a number of security flawsand should no longer be used. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091,CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842,CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847,CVE-2010-0848, CVE-2010-0849)The Sun Java SE Release family 5.0 reached its End of Service Life onNovember 3, 2009. The RHSA-2009:1571 update provided the final publiclyavailable update of version 5.0 (Update 22). Users interested in continuingto receive critical fixes for Sun Java SE 5.0 should contact Oracle:http://www.sun.com/software/javaforbusiness/index.jspAn alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of theIBM Developer Kit for Linux, which is available from the Extras andSupplementary channels on the Red Hat Network.Applications capable of using the Java 6 runtime can be migrated to Java 6on: OpenJDK (java-1.6.0-openjdk), an open source JDK included in Red HatEnterprise Linux 5, since 5.3; the IBM JDK, java-1.6.0-ibm; or the Sun JDK,java-1.6.0-sun.This update removes the java-1.5.0-sun packages as they have reached theirEnd of Service Life.


  • redhat-upgrade-java-1-5-0-sun-uninstall

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center