Rapid7 Vulnerability & Exploit Database

RHSA-2015:1020: java-1.7.1-ibm security update

Back to Search

RHSA-2015:1020: java-1.7.1-ibm security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
04/16/2015
Created
07/25/2018
Added
05/25/2015
Modified
07/04/2017

Description

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environmentand the IBM Java Software Development Kit.This update fixes several vulnerabilities in the IBM Java RuntimeEnvironment and the IBM Java Software Development Kit. Further informationabout these flaws can be found on the IBM Java Security alerts page, listedin the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192,CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478,CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808)The CVE-2015-0478 issue was discovered by Florian Weimer of Red HatProduct Security.Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suitesby default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzillabug 1207101, linked to in the References section, for additional detailsabout this change.All users of java-1.7.1-ibm are advised to upgrade to these updatedpackages, containing the IBM Java SE 7R1 SR3 release. All running instancesof IBM Java must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-java-1-7-1-ibm
  • redhat-upgrade-java-1-7-1-ibm-demo
  • redhat-upgrade-java-1-7-1-ibm-devel
  • redhat-upgrade-java-1-7-1-ibm-jdbc
  • redhat-upgrade-java-1-7-1-ibm-plugin
  • redhat-upgrade-java-1-7-1-ibm-src

References

  • redhat-upgrade-java-1-7-1-ibm
  • redhat-upgrade-java-1-7-1-ibm-demo
  • redhat-upgrade-java-1-7-1-ibm-devel
  • redhat-upgrade-java-1-7-1-ibm-jdbc
  • redhat-upgrade-java-1-7-1-ibm-plugin
  • redhat-upgrade-java-1-7-1-ibm-src

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;