ID CVE-2015-4911
Summary Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jrockit:r28.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jrockit:r28.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update_85:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update_85:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update_60:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update_60:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_101:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_101:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update_51:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update_51:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update51:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update51:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update60:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update60:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update101:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update101:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update85:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update85:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 13-05-2022 - 14:38)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1273734
    title CVE-2015-4872 OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.65-0.b17.el6_7
            oval oval:com.redhat.rhsa:tst:20151919001
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.65-0.b17.el6_7
            oval oval:com.redhat.rhsa:tst:20151919003
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919004
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.65-0.b17.el6_7
            oval oval:com.redhat.rhsa:tst:20151919005
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.65-0.b17.el6_7
            oval oval:com.redhat.rhsa:tst:20151919007
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.65-0.b17.el6_7
            oval oval:com.redhat.rhsa:tst:20151919009
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.65-0.b17.el6_7
            oval oval:com.redhat.rhsa:tst:20151919011
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.65-0.b17.el6_7
            oval oval:com.redhat.rhsa:tst:20151919013
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.65-0.b17.el6_7
            oval oval:com.redhat.rhsa:tst:20151919015
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.65-0.b17.el6_7
            oval oval:com.redhat.rhsa:tst:20151919017
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.65-0.b17.el6_7
            oval oval:com.redhat.rhsa:tst:20151919019
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.65-0.b17.el6_7
            oval oval:com.redhat.rhsa:tst:20151919021
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.65-0.b17.el6_7
            oval oval:com.redhat.rhsa:tst:20151919023
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919024
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.65-2.b17.el7_1
            oval oval:com.redhat.rhsa:tst:20151919026
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.65-2.b17.el7_1
            oval oval:com.redhat.rhsa:tst:20151919027
          • comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150809016
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.65-2.b17.el7_1
            oval oval:com.redhat.rhsa:tst:20151919029
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.65-2.b17.el7_1
            oval oval:com.redhat.rhsa:tst:20151919030
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.65-2.b17.el7_1
            oval oval:com.redhat.rhsa:tst:20151919031
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.65-2.b17.el7_1
            oval oval:com.redhat.rhsa:tst:20151919032
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.65-2.b17.el7_1
            oval oval:com.redhat.rhsa:tst:20151919033
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
    rhsa
    id RHSA-2015:1919
    released 2015-10-21
    severity Important
    title RHSA-2015:1919: java-1.8.0-openjdk security update (Important)
  • bugzilla
    id 1273734
    title CVE-2015-4872 OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.91-2.6.2.2.el6_7
            oval oval:com.redhat.rhsa:tst:20151920001
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.91-2.6.2.2.el6_7
            oval oval:com.redhat.rhsa:tst:20151920003
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.91-2.6.2.2.el6_7
            oval oval:com.redhat.rhsa:tst:20151920005
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.91-2.6.2.2.el6_7
            oval oval:com.redhat.rhsa:tst:20151920007
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.91-2.6.2.2.el6_7
            oval oval:com.redhat.rhsa:tst:20151920009
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            oval oval:com.redhat.rhsa:tst:20151920012
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            oval oval:com.redhat.rhsa:tst:20151920013
          • comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675004
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            oval oval:com.redhat.rhsa:tst:20151920015
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            oval oval:com.redhat.rhsa:tst:20151920016
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            oval oval:com.redhat.rhsa:tst:20151920017
          • comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675010
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            oval oval:com.redhat.rhsa:tst:20151920019
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.91-2.6.2.1.el7_1
            oval oval:com.redhat.rhsa:tst:20151920020
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
    rhsa
    id RHSA-2015:1920
    released 2015-10-21
    severity Critical
    title RHSA-2015:1920: java-1.7.0-openjdk security update (Critical)
  • bugzilla
    id 1273734
    title CVE-2015-4872 OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.91-2.6.2.1.el5_11
            oval oval:com.redhat.rhsa:tst:20151921001
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165013
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.91-2.6.2.1.el5_11
            oval oval:com.redhat.rhsa:tst:20151921003
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165015
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.91-2.6.2.1.el5_11
            oval oval:com.redhat.rhsa:tst:20151921005
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165017
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.91-2.6.2.1.el5_11
            oval oval:com.redhat.rhsa:tst:20151921007
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165019
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.91-2.6.2.1.el5_11
            oval oval:com.redhat.rhsa:tst:20151921009
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165021
    rhsa
    id RHSA-2015:1921
    released 2015-10-21
    severity Important
    title RHSA-2015:1921: java-1.7.0-openjdk security update (Important)
  • bugzilla
    id 1273860
    title CVE-2015-4902 Oracle JDK: unspecified vulnerability fixed in 6u105, 7u91 and 8u65 (Deployment)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment java-1.7.0-oracle is earlier than 1:1.7.0.91-1jpp.1.el5_11
            oval oval:com.redhat.rhsa:tst:20151927001
          • comment java-1.7.0-oracle is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140413002
        • AND
          • comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.91-1jpp.1.el5_11
            oval oval:com.redhat.rhsa:tst:20151927003
          • comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140413004
        • AND
          • comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.91-1jpp.1.el5_11
            oval oval:com.redhat.rhsa:tst:20151927005
          • comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140413006
        • AND
          • comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.91-1jpp.1.el5_11
            oval oval:com.redhat.rhsa:tst:20151927007
          • comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140413008
        • AND
          • comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.91-1jpp.1.el5_11
            oval oval:com.redhat.rhsa:tst:20151927009
          • comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140413010
        • AND
          • comment java-1.7.0-oracle-src is earlier than 1:1.7.0.91-1jpp.1.el5_11
            oval oval:com.redhat.rhsa:tst:20151927011
          • comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140413012
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.7.0-oracle is earlier than 1:1.7.0.91-1jpp.1.el7_1
            oval oval:com.redhat.rhsa:tst:20151927014
          • comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413015
        • AND
          • comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.91-1jpp.1.el7_1
            oval oval:com.redhat.rhsa:tst:20151927016
          • comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413017
        • AND
          • comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.91-1jpp.1.el7_1
            oval oval:com.redhat.rhsa:tst:20151927018
          • comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413019
        • AND
          • comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.91-1jpp.1.el7_1
            oval oval:com.redhat.rhsa:tst:20151927020
          • comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413021
        • AND
          • comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.91-1jpp.1.el7_1
            oval oval:com.redhat.rhsa:tst:20151927022
          • comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413023
        • AND
          • comment java-1.7.0-oracle-src is earlier than 1:1.7.0.91-1jpp.1.el7_1
            oval oval:com.redhat.rhsa:tst:20151927024
          • comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413025
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.7.0-oracle is earlier than 1:1.7.0.91-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20151927027
          • comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413015
        • AND
          • comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.91-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20151927028
          • comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413017
        • AND
          • comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.91-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20151927029
          • comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413019
        • AND
          • comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.91-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20151927030
          • comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413021
        • AND
          • comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.91-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20151927031
          • comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413023
        • AND
          • comment java-1.7.0-oracle-src is earlier than 1:1.7.0.91-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20151927032
          • comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413025
    rhsa
    id RHSA-2015:1927
    released 2015-10-22
    severity Critical
    title RHSA-2015:1927: java-1.7.0-oracle security update (Critical)
  • bugzilla
    id 1273860
    title CVE-2015-4902 Oracle JDK: unspecified vulnerability fixed in 6u105, 7u91 and 8u65 (Deployment)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment java-1.6.0-sun is earlier than 1:1.6.0.105-1jpp.2.el5_11
            oval oval:com.redhat.rhsa:tst:20151928001
          • comment java-1.6.0-sun is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140414002
        • AND
          • comment java-1.6.0-sun-demo is earlier than 1:1.6.0.105-1jpp.2.el5_11
            oval oval:com.redhat.rhsa:tst:20151928003
          • comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140414004
        • AND
          • comment java-1.6.0-sun-devel is earlier than 1:1.6.0.105-1jpp.2.el5_11
            oval oval:com.redhat.rhsa:tst:20151928005
          • comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140414006
        • AND
          • comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.105-1jpp.2.el5_11
            oval oval:com.redhat.rhsa:tst:20151928007
          • comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140414008
        • AND
          • comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.105-1jpp.2.el5_11
            oval oval:com.redhat.rhsa:tst:20151928009
          • comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140414010
        • AND
          • comment java-1.6.0-sun-src is earlier than 1:1.6.0.105-1jpp.2.el5_11
            oval oval:com.redhat.rhsa:tst:20151928011
          • comment java-1.6.0-sun-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140414012
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.6.0-sun is earlier than 1:1.6.0.105-1jpp.2.el7_1
            oval oval:com.redhat.rhsa:tst:20151928014
          • comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414015
        • AND
          • comment java-1.6.0-sun-demo is earlier than 1:1.6.0.105-1jpp.2.el7_1
            oval oval:com.redhat.rhsa:tst:20151928016
          • comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414017
        • AND
          • comment java-1.6.0-sun-devel is earlier than 1:1.6.0.105-1jpp.2.el7_1
            oval oval:com.redhat.rhsa:tst:20151928018
          • comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414019
        • AND
          • comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.105-1jpp.2.el7_1
            oval oval:com.redhat.rhsa:tst:20151928020
          • comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414021
        • AND
          • comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.105-1jpp.2.el7_1
            oval oval:com.redhat.rhsa:tst:20151928022
          • comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414023
        • AND
          • comment java-1.6.0-sun-src is earlier than 1:1.6.0.105-1jpp.2.el7_1
            oval oval:com.redhat.rhsa:tst:20151928024
          • comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414025
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.6.0-sun is earlier than 1:1.6.0.105-1jpp.2.el6_7
            oval oval:com.redhat.rhsa:tst:20151928027
          • comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414015
        • AND
          • comment java-1.6.0-sun-demo is earlier than 1:1.6.0.105-1jpp.2.el6_7
            oval oval:com.redhat.rhsa:tst:20151928028
          • comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414017
        • AND
          • comment java-1.6.0-sun-devel is earlier than 1:1.6.0.105-1jpp.2.el6_7
            oval oval:com.redhat.rhsa:tst:20151928029
          • comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414019
        • AND
          • comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.105-1jpp.2.el6_7
            oval oval:com.redhat.rhsa:tst:20151928030
          • comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414021
        • AND
          • comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.105-1jpp.2.el6_7
            oval oval:com.redhat.rhsa:tst:20151928031
          • comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414023
        • AND
          • comment java-1.6.0-sun-src is earlier than 1:1.6.0.105-1jpp.2.el6_7
            oval oval:com.redhat.rhsa:tst:20151928032
          • comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414025
    rhsa
    id RHSA-2015:1928
    released 2015-10-22
    severity Important
    title RHSA-2015:1928: java-1.6.0-sun security update (Important)
  • bugzilla
    id 1273734
    title CVE-2015-4872 OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment java-1.6.0-openjdk is earlier than 1:1.6.0.37-1.13.9.4.el5_11
            oval oval:com.redhat.rhsa:tst:20152086001
          • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377002
        • AND
          • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.37-1.13.9.4.el5_11
            oval oval:com.redhat.rhsa:tst:20152086003
          • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377004
        • AND
          • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.37-1.13.9.4.el5_11
            oval oval:com.redhat.rhsa:tst:20152086005
          • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377006
        • AND
          • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.37-1.13.9.4.el5_11
            oval oval:com.redhat.rhsa:tst:20152086007
          • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377008
        • AND
          • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.37-1.13.9.4.el5_11
            oval oval:com.redhat.rhsa:tst:20152086009
          • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377010
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.6.0-openjdk is earlier than 1:1.6.0.37-1.13.9.4.el6_7
            oval oval:com.redhat.rhsa:tst:20152086012
          • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865002
        • AND
          • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.37-1.13.9.4.el6_7
            oval oval:com.redhat.rhsa:tst:20152086014
          • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865004
        • AND
          • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.37-1.13.9.4.el6_7
            oval oval:com.redhat.rhsa:tst:20152086016
          • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865006
        • AND
          • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.37-1.13.9.4.el6_7
            oval oval:com.redhat.rhsa:tst:20152086018
          • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865008
        • AND
          • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.37-1.13.9.4.el6_7
            oval oval:com.redhat.rhsa:tst:20152086020
          • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865010
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.6.0-openjdk is earlier than 1:1.6.0.37-1.13.9.4.el7_1
            oval oval:com.redhat.rhsa:tst:20152086023
          • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865002
        • AND
          • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.37-1.13.9.4.el7_1
            oval oval:com.redhat.rhsa:tst:20152086024
          • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865004
        • AND
          • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.37-1.13.9.4.el7_1
            oval oval:com.redhat.rhsa:tst:20152086025
          • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865006
        • AND
          • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.37-1.13.9.4.el7_1
            oval oval:com.redhat.rhsa:tst:20152086026
          • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865008
        • AND
          • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.37-1.13.9.4.el7_1
            oval oval:com.redhat.rhsa:tst:20152086027
          • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865010
    rhsa
    id RHSA-2015:2086
    released 2015-11-18
    severity Important
    title RHSA-2015:2086: java-1.6.0-openjdk security update (Important)
  • rhsa
    id RHSA-2015:1926
rpms
  • java-1.8.0-openjdk-1:1.8.0.65-0.b17.el6_7
  • java-1.8.0-openjdk-1:1.8.0.65-2.b17.ael7b_1
  • java-1.8.0-openjdk-1:1.8.0.65-2.b17.el7_1
  • java-1.8.0-openjdk-accessibility-1:1.8.0.65-2.b17.ael7b_1
  • java-1.8.0-openjdk-accessibility-1:1.8.0.65-2.b17.el7_1
  • java-1.8.0-openjdk-debug-1:1.8.0.65-0.b17.el6_7
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.65-0.b17.el6_7
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.65-2.b17.ael7b_1
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.65-2.b17.el7_1
  • java-1.8.0-openjdk-demo-1:1.8.0.65-0.b17.el6_7
  • java-1.8.0-openjdk-demo-1:1.8.0.65-2.b17.ael7b_1
  • java-1.8.0-openjdk-demo-1:1.8.0.65-2.b17.el7_1
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.65-0.b17.el6_7
  • java-1.8.0-openjdk-devel-1:1.8.0.65-0.b17.el6_7
  • java-1.8.0-openjdk-devel-1:1.8.0.65-2.b17.ael7b_1
  • java-1.8.0-openjdk-devel-1:1.8.0.65-2.b17.el7_1
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.65-0.b17.el6_7
  • java-1.8.0-openjdk-headless-1:1.8.0.65-0.b17.el6_7
  • java-1.8.0-openjdk-headless-1:1.8.0.65-2.b17.ael7b_1
  • java-1.8.0-openjdk-headless-1:1.8.0.65-2.b17.el7_1
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.65-0.b17.el6_7
  • java-1.8.0-openjdk-javadoc-1:1.8.0.65-0.b17.el6_7
  • java-1.8.0-openjdk-javadoc-1:1.8.0.65-2.b17.ael7b_1
  • java-1.8.0-openjdk-javadoc-1:1.8.0.65-2.b17.el7_1
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.65-0.b17.el6_7
  • java-1.8.0-openjdk-src-1:1.8.0.65-0.b17.el6_7
  • java-1.8.0-openjdk-src-1:1.8.0.65-2.b17.ael7b_1
  • java-1.8.0-openjdk-src-1:1.8.0.65-2.b17.el7_1
  • java-1.8.0-openjdk-src-debug-1:1.8.0.65-0.b17.el6_7
  • java-1.7.0-openjdk-1:1.7.0.91-2.6.2.1.ael7b_1
  • java-1.7.0-openjdk-1:1.7.0.91-2.6.2.1.el7_1
  • java-1.7.0-openjdk-1:1.7.0.91-2.6.2.2.el6_7
  • java-1.7.0-openjdk-accessibility-1:1.7.0.91-2.6.2.1.ael7b_1
  • java-1.7.0-openjdk-accessibility-1:1.7.0.91-2.6.2.1.el7_1
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.91-2.6.2.1.ael7b_1
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.91-2.6.2.1.el7_1
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.91-2.6.2.2.el6_7
  • java-1.7.0-openjdk-demo-1:1.7.0.91-2.6.2.1.ael7b_1
  • java-1.7.0-openjdk-demo-1:1.7.0.91-2.6.2.1.el7_1
  • java-1.7.0-openjdk-demo-1:1.7.0.91-2.6.2.2.el6_7
  • java-1.7.0-openjdk-devel-1:1.7.0.91-2.6.2.1.ael7b_1
  • java-1.7.0-openjdk-devel-1:1.7.0.91-2.6.2.1.el7_1
  • java-1.7.0-openjdk-devel-1:1.7.0.91-2.6.2.2.el6_7
  • java-1.7.0-openjdk-headless-1:1.7.0.91-2.6.2.1.ael7b_1
  • java-1.7.0-openjdk-headless-1:1.7.0.91-2.6.2.1.el7_1
  • java-1.7.0-openjdk-javadoc-1:1.7.0.91-2.6.2.1.ael7b_1
  • java-1.7.0-openjdk-javadoc-1:1.7.0.91-2.6.2.1.el7_1
  • java-1.7.0-openjdk-javadoc-1:1.7.0.91-2.6.2.2.el6_7
  • java-1.7.0-openjdk-src-1:1.7.0.91-2.6.2.1.ael7b_1
  • java-1.7.0-openjdk-src-1:1.7.0.91-2.6.2.1.el7_1
  • java-1.7.0-openjdk-src-1:1.7.0.91-2.6.2.2.el6_7
  • java-1.7.0-openjdk-1:1.7.0.91-2.6.2.1.el5_11
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.91-2.6.2.1.el5_11
  • java-1.7.0-openjdk-demo-1:1.7.0.91-2.6.2.1.el5_11
  • java-1.7.0-openjdk-devel-1:1.7.0.91-2.6.2.1.el5_11
  • java-1.7.0-openjdk-javadoc-1:1.7.0.91-2.6.2.1.el5_11
  • java-1.7.0-openjdk-src-1:1.7.0.91-2.6.2.1.el5_11
  • java-1.8.0-oracle-1:1.8.0.65-1jpp.3.el6_7
  • java-1.8.0-oracle-1:1.8.0.65-1jpp.3.el7_1
  • java-1.8.0-oracle-devel-1:1.8.0.65-1jpp.3.el6_7
  • java-1.8.0-oracle-devel-1:1.8.0.65-1jpp.3.el7_1
  • java-1.8.0-oracle-javafx-1:1.8.0.65-1jpp.3.el6_7
  • java-1.8.0-oracle-javafx-1:1.8.0.65-1jpp.3.el7_1
  • java-1.8.0-oracle-jdbc-1:1.8.0.65-1jpp.3.el6_7
  • java-1.8.0-oracle-jdbc-1:1.8.0.65-1jpp.3.el7_1
  • java-1.8.0-oracle-plugin-1:1.8.0.65-1jpp.3.el6_7
  • java-1.8.0-oracle-plugin-1:1.8.0.65-1jpp.3.el7_1
  • java-1.8.0-oracle-src-1:1.8.0.65-1jpp.3.el6_7
  • java-1.8.0-oracle-src-1:1.8.0.65-1jpp.3.el7_1
  • java-1.7.0-oracle-1:1.7.0.91-1jpp.1.el5_11
  • java-1.7.0-oracle-1:1.7.0.91-1jpp.1.el6_7
  • java-1.7.0-oracle-1:1.7.0.91-1jpp.1.el7_1
  • java-1.7.0-oracle-devel-1:1.7.0.91-1jpp.1.el5_11
  • java-1.7.0-oracle-devel-1:1.7.0.91-1jpp.1.el6_7
  • java-1.7.0-oracle-devel-1:1.7.0.91-1jpp.1.el7_1
  • java-1.7.0-oracle-javafx-1:1.7.0.91-1jpp.1.el5_11
  • java-1.7.0-oracle-javafx-1:1.7.0.91-1jpp.1.el6_7
  • java-1.7.0-oracle-javafx-1:1.7.0.91-1jpp.1.el7_1
  • java-1.7.0-oracle-jdbc-1:1.7.0.91-1jpp.1.el5_11
  • java-1.7.0-oracle-jdbc-1:1.7.0.91-1jpp.1.el6_7
  • java-1.7.0-oracle-jdbc-1:1.7.0.91-1jpp.1.el7_1
  • java-1.7.0-oracle-plugin-1:1.7.0.91-1jpp.1.el5_11
  • java-1.7.0-oracle-plugin-1:1.7.0.91-1jpp.1.el6_7
  • java-1.7.0-oracle-plugin-1:1.7.0.91-1jpp.1.el7_1
  • java-1.7.0-oracle-src-1:1.7.0.91-1jpp.1.el5_11
  • java-1.7.0-oracle-src-1:1.7.0.91-1jpp.1.el6_7
  • java-1.7.0-oracle-src-1:1.7.0.91-1jpp.1.el7_1
  • java-1.6.0-sun-1:1.6.0.105-1jpp.2.el5_11
  • java-1.6.0-sun-1:1.6.0.105-1jpp.2.el6_7
  • java-1.6.0-sun-1:1.6.0.105-1jpp.2.el7_1
  • java-1.6.0-sun-demo-1:1.6.0.105-1jpp.2.el5_11
  • java-1.6.0-sun-demo-1:1.6.0.105-1jpp.2.el6_7
  • java-1.6.0-sun-demo-1:1.6.0.105-1jpp.2.el7_1
  • java-1.6.0-sun-devel-1:1.6.0.105-1jpp.2.el5_11
  • java-1.6.0-sun-devel-1:1.6.0.105-1jpp.2.el6_7
  • java-1.6.0-sun-devel-1:1.6.0.105-1jpp.2.el7_1
  • java-1.6.0-sun-jdbc-1:1.6.0.105-1jpp.2.el5_11
  • java-1.6.0-sun-jdbc-1:1.6.0.105-1jpp.2.el6_7
  • java-1.6.0-sun-jdbc-1:1.6.0.105-1jpp.2.el7_1
  • java-1.6.0-sun-plugin-1:1.6.0.105-1jpp.2.el5_11
  • java-1.6.0-sun-plugin-1:1.6.0.105-1jpp.2.el6_7
  • java-1.6.0-sun-plugin-1:1.6.0.105-1jpp.2.el7_1
  • java-1.6.0-sun-src-1:1.6.0.105-1jpp.2.el5_11
  • java-1.6.0-sun-src-1:1.6.0.105-1jpp.2.el6_7
  • java-1.6.0-sun-src-1:1.6.0.105-1jpp.2.el7_1
  • java-1.6.0-openjdk-1:1.6.0.37-1.13.9.4.el5_11
  • java-1.6.0-openjdk-1:1.6.0.37-1.13.9.4.el6_7
  • java-1.6.0-openjdk-1:1.6.0.37-1.13.9.4.el7_1
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.37-1.13.9.4.el5_11
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.37-1.13.9.4.el6_7
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.37-1.13.9.4.el7_1
  • java-1.6.0-openjdk-demo-1:1.6.0.37-1.13.9.4.el5_11
  • java-1.6.0-openjdk-demo-1:1.6.0.37-1.13.9.4.el6_7
  • java-1.6.0-openjdk-demo-1:1.6.0.37-1.13.9.4.el7_1
  • java-1.6.0-openjdk-devel-1:1.6.0.37-1.13.9.4.el5_11
  • java-1.6.0-openjdk-devel-1:1.6.0.37-1.13.9.4.el6_7
  • java-1.6.0-openjdk-devel-1:1.6.0.37-1.13.9.4.el7_1
  • java-1.6.0-openjdk-javadoc-1:1.6.0.37-1.13.9.4.el5_11
  • java-1.6.0-openjdk-javadoc-1:1.6.0.37-1.13.9.4.el6_7
  • java-1.6.0-openjdk-javadoc-1:1.6.0.37-1.13.9.4.el7_1
  • java-1.6.0-openjdk-src-1:1.6.0.37-1.13.9.4.el5_11
  • java-1.6.0-openjdk-src-1:1.6.0.37-1.13.9.4.el6_7
  • java-1.6.0-openjdk-src-1:1.6.0.37-1.13.9.4.el7_1
refmap via4
bid 77209
confirm
debian DSA-3381
gentoo
  • GLSA-201603-11
  • GLSA-201603-14
sectrack 1033884
suse
  • SUSE-SU-2015:1874
  • SUSE-SU-2015:1875
  • SUSE-SU-2015:2166
  • SUSE-SU-2015:2168
  • SUSE-SU-2015:2182
  • SUSE-SU-2015:2192
  • SUSE-SU-2015:2216
  • SUSE-SU-2015:2268
  • SUSE-SU-2016:0113
  • openSUSE-SU-2015:1902
  • openSUSE-SU-2015:1905
  • openSUSE-SU-2015:1906
  • openSUSE-SU-2015:1971
  • openSUSE-SU-2016:0270
ubuntu
  • USN-2784-1
  • USN-2827-1
Last major update 13-05-2022 - 14:38
Published 22-10-2015 - 00:00
Last modified 13-05-2022 - 14:38
Back to Top