Available Exploits 

• Java Statement.invoke() Trusted Method Chain Privilege Escalation
• Java MixerSequencer Object GM_Song Structure Handling Vulnerability

Description

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment andthe IBM Java 2 Software Development Kit.This update fixes several vulnerabilities in the IBM Java 2 RuntimeEnvironment and the IBM Java 2 Software Development Kit. Detailedvulnerability descriptions are linked from the IBM "Security alerts" page,listed in the References section. (CVE-2010-0840, CVE-2010-0841,CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0846, CVE-2010-0847,CVE-2010-0848, CVE-2010-0849)All users of java-1.5.0-ibm are advised to upgrade to these updatedpackages, containing the IBM 1.5.0 SR11-FP2 Java release. All runninginstances of IBM Java must be restarted for this update to take effect.

References

• APPLE-APPLE-SA-2010-05-18-1
• APPLE-APPLE-SA-2010-05-18-2
• BID-39062
• BID-39065
• BID-39067
• BID-39071
• BID-39073
• BID-39077
• BID-39078
• BID-39083
• CVE-2010-0840
• CVE-2010-0841
• CVE-2010-0842
• CVE-2010-0843
• CVE-2010-0844
• CVE-2010-0846
• CVE-2010-0847
• CVE-2010-0848
• CVE-2010-0849
• DISA_SEVERITY-Category I
• DISA_VMSKEY-V0027158
• IAVM-2011-A-0066
• OSVDB-63492
• OVAL-OVAL10392
• OVAL-OVAL13795
• OVAL-OVAL13971
• OVAL-OVAL14092
• OVAL-OVAL14101
• OVAL-OVAL14144
• OVAL-OVAL14282
• OVAL-OVAL14350
• OVAL-OVAL14453
• OVAL-OVAL14503
• OVAL-OVAL9899
• OVAL-OVAL9974
• REDHAT-RHSA-2010:0337
• REDHAT-RHSA-2010:0338
• REDHAT-RHSA-2010:0339
• REDHAT-RHSA-2010:0383
• REDHAT-RHSA-2010:0471
• REDHAT-RHSA-2010:0489

Solution

Related Vulnerabilities

• Cent OS: CVE-2010-0848: CESA-2010:0339 (java-1.6.0-openjdk)
• VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0842)
• SUSE Linux Security Vulnerability: CVE-2010-0847
• Apple Java security update for CVE-2010-0849
• VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0846)
• Java CPU March 2010 Sound vulnerability (CVE-2010-0843)
• SUSE Linux Security Vulnerability: CVE-2010-0849
• SUSE Linux Security Vulnerability: CVE-2010-0846
• SUSE Linux Security Vulnerability: CVE-2010-0840
• Gentoo Linux: CVE-2010-0844: Oracle JRE/JDK: Multiple vulnerabilities
• Apple Java security update for CVE-2010-0841
• VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0841)
• RHSA-2010:0574: java-1.4.2-ibm security update
• SUSE Linux Security Advisory: SUSE-SR:2010:011
• Gentoo Linux: CVE-2010-0841: Oracle JRE/JDK: Multiple vulnerabilities
• HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0840): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
• Java CPU March 2010 Java Runtime Environment vulnerability (CVE-2010-0840)
• Java CPU March 2010 ImageIO vulnerability (CVE-2010-0846)
• Cent OS: CVE-2010-0840: CESA-2010:0339 (java-1.6.0-openjdk)
• SUSE Linux Security Advisory: SUSE-SR:2010:017
• Gentoo Linux: CVE-2010-0840: Oracle JRE/JDK: Multiple vulnerabilities
• Java CPU March 2010 ImageIO vulnerability (CVE-2010-0841)
• RHSA-2010:0338: java-1.5.0-sun security update
• Apple Java security update for CVE-2010-0848
• SUSE Linux Security Vulnerability: CVE-2010-0848
• RHSA-2010:0471: Red Hat Network Satellite Server IBM Java Runtime security update
• HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0842): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
• Apple Java security update for CVE-2010-0844
• Gentoo Linux: CVE-2010-0849: Oracle JRE/JDK: Multiple vulnerabilities
• Gentoo Linux: CVE-2010-0848: Oracle JRE/JDK: Multiple vulnerabilities
• Cent OS: CVE-2010-0847: CESA-2010:0339 (java-1.6.0-openjdk)
• HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0846): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
• VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0840)
• VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0843)
• RHSA-2010:0339: java-1.6.0-openjdk security update
• HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0841): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
• HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0849): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
• VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0848)
• HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0847): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
• Gentoo Linux: CVE-2010-0842: Oracle JRE/JDK: Multiple vulnerabilities
• VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0844)
• Java CPU March 2010 Java 2D vulnerability (CVE-2010-0849)
• Java CPU March 2010 Sound vulnerability (CVE-2010-0842)
• SUSE Linux Security Advisory: SUSE-SR:2010:008
• Apple Java security update for CVE-2010-0842
• Java CPU March 2010 Java 2D vulnerability (CVE-2010-0848)
• HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0843): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
• SUSE Linux Security Vulnerability: CVE-2010-0842
• RHSA-2010:0337: java-1.6.0-sun security update
• SUSE Linux Security Vulnerability: CVE-2010-0844
• USN-923-1: OpenJDK vulnerabilities
• Gentoo Linux: CVE-2010-0843: Oracle JRE/JDK: Multiple vulnerabilities
• VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0849)
• RHSA-2010:0586: java-1.4.2-ibm-sap security update
• Gentoo Linux: CVE-2010-0846: Oracle JRE/JDK: Multiple vulnerabilities
• RHSA-2010:0383: java-1.6.0-ibm security update
• SUSE Linux Security Vulnerability: CVE-2010-0843
• SUSE Linux Security Vulnerability: CVE-2010-0841
• HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0848): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
• VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0847)
• Apple Java security update for CVE-2010-0840
• Apple Java security update for CVE-2010-0843
• Java CPU March 2010 Sound vulnerability (CVE-2010-0844)
• Gentoo Linux: CVE-2010-0847: Oracle JRE/JDK: Multiple vulnerabilities
• Apple Java security update for CVE-2010-0846
• Java CPU March 2010 Java 2D vulnerability (CVE-2010-0847)
• Apple Java security update for CVE-2010-0847