Bug 227990
| Summary: | CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737 CVE-2006-6745 CVE-2006-6731 CVE-2006-4339) | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 4 | Reporter: | Mark J. Cox <mjc> |
| Component: | java-1.5.0-ibm | Assignee: | Thomas Fitzsimmons <fitzsim> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 4.0 | Keywords: | Security |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | public=20070104,impact=critical | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2007-02-09 12:09:52 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

IBM fixed a number of flaws in their Java Runtime Environment in 1.5.0 SR3:
http://www-128.ibm.com/developerworks/java/jdk/alerts/

Two vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet to access data in other applets. CVE-2006-6736 CVE-2006-6737 (sun#102732)

Two vulnerabilities in the Java(TM) Runtime Environment with serialization may independently allow an untrusted applet or application to elevate its privileges. (sun#102731) CVE-2006-6745

Two buffer overflow vulnerabilities in the Java(TM) Runtime Environment may independently allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (sun#102729) CVE-2006-6731

public=20060104,impact=critical

An RSA(1) Signature Verification vulnerability allows unauthorized forged certificates to be validated. This may result in a number of different types of remote exploits. (20061012 sun#102646/8) CVE-2006-4339

We will prepare a security advisory to alert users that these issues existed, although they were fixed in a previous erratum:

Please note that the packages in this erratum are the same as those we released on January 24th 2007 in advisory RHEA-2007:0027. We have issued this security update as at the time of release we were not aware the update fixed critical security issues. If you have already updated to those packages you will not need to apply this update.