Rapid7 Vulnerability & Exploit Database

RHSA-2015:1544: java-1.5.0-ibm security update

Back to Search

RHSA-2015:1544: java-1.5.0-ibm security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
07/16/2015
Created
07/25/2018
Added
08/05/2015
Modified
03/21/2018

Description

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBMJava Software Development Kit.This update fixes several vulnerabilities in the IBM Java RuntimeEnvironment and the IBM Java Software Development Kit. Further informationabout these flaws can be found on the IBM Java Security alerts page, listedin the References section. (CVE-2015-1931, CVE-2015-2590, CVE-2015-2601,CVE-2015-2621, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664,CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748,CVE-2015-4749, CVE-2015-4760)Note: This update forces the TLS/SSL client implementation in IBM JDK toreject DH key sizes below 768 bits to address the CVE-2015-4000 issue.Refer to Red Hat Bugzilla bug 1223211, linked to in the References section,for additional details about this change.IBM Java SDK and JRE 5.0 will not receive software updates after September2015. This date is referred to as the End of Service (EOS) date. Customersare advised to migrate to current versions of IBM Java at this time. IBMJava SDK and JRE versions 6 and 7 are available via the Red Hat EnterpriseLinux 5 and 6 Supplementary content sets and will continue to receiveupdates based on IBM's lifecycle policy, linked to in the Referencessection.Customers can also consider OpenJDK, an open source implementation ofthe Java SE specification. OpenJDK is available by default on supportedhardware architectures.All users of java-1.5.0-ibm are advised to upgrade to these updatedpackages, containing the IBM J2SE 5.0 SR16-FP13 release. All runninginstances of IBM Java must be restarted for this update to take effect.

Solution(s)

  • redhat-upgrade-java-1-5-0-ibm
  • redhat-upgrade-java-1-5-0-ibm-accessibility
  • redhat-upgrade-java-1-5-0-ibm-demo
  • redhat-upgrade-java-1-5-0-ibm-devel
  • redhat-upgrade-java-1-5-0-ibm-javacomm
  • redhat-upgrade-java-1-5-0-ibm-jdbc
  • redhat-upgrade-java-1-5-0-ibm-plugin
  • redhat-upgrade-java-1-5-0-ibm-src

References

  • redhat-upgrade-java-1-5-0-ibm
  • redhat-upgrade-java-1-5-0-ibm-accessibility
  • redhat-upgrade-java-1-5-0-ibm-demo
  • redhat-upgrade-java-1-5-0-ibm-devel
  • redhat-upgrade-java-1-5-0-ibm-javacomm
  • redhat-upgrade-java-1-5-0-ibm-jdbc
  • redhat-upgrade-java-1-5-0-ibm-plugin
  • redhat-upgrade-java-1-5-0-ibm-src

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;