Rapid7 VulnDB

RHSA-2010:0770: java-1.6.0-sun security update

Back to Search

RHSA-2010:0770: java-1.6.0-sun security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
10/19/2010
Created
07/25/2018
Added
10/25/2010
Modified
07/04/2017

Description

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment andthe Sun Java 6 Software Development Kit.This update fixes several vulnerabilities in the Sun Java 6 RuntimeEnvironment and the Sun Java 6 Software Development Kit. Furtherinformation about these flaws can be found on the "Oracle Java SE and Javafor Business Critical Patch Update Advisory" page, listed in the Referencessection. (CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549,CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554,CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559,CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570,CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574)The RHSA-2010:0337 update mitigated a man-in-the-middle attack in the waythe TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocolshandle session renegotiation by disabling renegotiation. This updateimplements the TLS Renegotiation Indication Extension as defined in RFC5746, allowing secure renegotiation between updated clients and servers.(CVE-2009-3555)Users of java-1.6.0-sun should upgrade to these updated packages, whichcorrect these issues. All running instances of Sun Java must be restartedfor the update to take effect.

Solution(s)

  • redhat-upgrade-java-1-6-0-sun
  • redhat-upgrade-java-1-6-0-sun-demo
  • redhat-upgrade-java-1-6-0-sun-devel
  • redhat-upgrade-java-1-6-0-sun-jdbc
  • redhat-upgrade-java-1-6-0-sun-plugin
  • redhat-upgrade-java-1-6-0-sun-src

References

  • redhat-upgrade-java-1-6-0-sun
  • redhat-upgrade-java-1-6-0-sun-demo
  • redhat-upgrade-java-1-6-0-sun-devel
  • redhat-upgrade-java-1-6-0-sun-jdbc
  • redhat-upgrade-java-1-6-0-sun-plugin
  • redhat-upgrade-java-1-6-0-sun-src

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;