Novell SUSE Linux Enterprise Server

ソフト名：Novell SUSE Linux Enterprise Server (SLES) 9/10/11 (IBM Java 6.x)

回避策：SUSE-SA:2011:036にて対応

脆弱性：データ操作, 機密情報の奪取, DoS攻撃, システムアクセス, 整数オーバーフローエラー, メモリ破壊, リモートコード実行, 解放後使用エラー, リモートコマンド実行

ソース：

http://www.novell.com/promo/home/sle11.html

http://www.suse.com/products/server/

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html

http://secunia.com/advisories/45206/

http://secunia.com/advisories/45736/

http://dvw-j.blogspot.com/2011/07/ibm-java.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0786

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0872

CVE：CVE-2011-0786, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0871, CVE-2011-0872

危険性：High Risk

SUSE Linux Enterprise Server

ソフト名：SUSE Linux Enterprise Server (SLES) 10 (IBM Java 6.x)

回避策：SUSE-SU-2011:0863-1にて対応

脆弱性：データ操作, 機密情報の奪取, システムアクセス, 整数オーバーフローエラー, メモリ破壊, リモートコード実行, 解放後使用エラー, リモートコマンド実行

ソース：

http://www.suse.com/products/server/

https://hermes.opensuse.org/messages/10468668

http://secunia.com/advisories/45206/

http://secunia.com/advisories/45497/

http://dvw-j.blogspot.com/2011/07/ibm-java.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0872

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873

CVE：CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873

危険性：High Risk

Red Hat Enterprise Linux Extras, RHEL Desktop Supplementary

ソフト名：Red Hat Enterprise Linux Extras v. 4, RHEL Desktop Supplementary (v. 5 client)/Supplementary (v. 5 server)/Desktop Supplementary (v. 6)/HPC Node Supplementary (v. 6)/Server Supplementary (v. 6)/Workstation Supplementary (v. 6) (IBM Java 6.x)

回避策：RHSA-2011:1087-1にて対応

脆弱性：データ操作, 機密情報の奪取, システムアクセス, DoS攻撃, 整数オーバーフローエラー, メモリ破壊, リモートコード実行, 解放後使用エラー, リモートコマンド実行

ソース：

http://www.redhat.com/

https://rhn.redhat.com/errata/RHSA-2011-1087.html

http://secunia.com/advisories/45206/

http://secunia.com/advisories/45402/

http://dvw-j.blogspot.com/2011/07/ibm-java.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873

CVE：CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-0873

危険性：High Risk

Novell SUSE Linux Enterprise Server

ソフト名：Novell SUSE Linux Enterprise Server (SLES) 10/11 (IBM Java 6.x)

回避策：SUSE-SU-2011:0807-1にて対応

脆弱性：データ操作, 機密情報の奪取, DoS攻撃, システムアクセス, 整数オーバーフローエラー, メモリ破壊, リモートコード実行, 解放後使用エラー, リモートコマンド実行

ソース：http://www.novell.com/products/server/

http://www.novell.com/promo/home/sle11.html

https://hermes.opensuse.org/messages/9605351

http://secunia.com/advisories/45206/

http://secunia.com/advisories/45302/

http://dvw-j.blogspot.com/2011/07/ibm-java.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0786

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0788

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0817

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0863

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0868

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0869

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0872

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873

CVE：CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873

危険性：High Risk

Red Hat Enterprise Linux Extras

ソフト名：Red Hat Enterprise Linux Extras v. 4/Desktop Supplementary (v. 5 client)/Supplementary (v. 5 server)/Desktop Supplementary (v. 6)/HPC Node Supplementary (v. 6)/Server Supplementary (v. 6)/Workstation Supplementary (v. 6) (IBM Java 6.x)

回避策：RHSA-2011:0938-1にて対応

脆弱性：データ操作, 機密情報の奪取, DoS攻撃, システムアクセス, 整数オーバーフローエラー, メモリ破壊, リモートコード実行, 解放後使用エラー, リモートコマンド実行

ソース：http://www.redhat.com/

https://rhn.redhat.com/errata/RHSA-2011-0938.html

http://secunia.com/advisories/45206/

http://secunia.com/advisories/45229/

http://dvw-j.blogspot.com/2011/07/ibm-java.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0863

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0868

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0869

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873

CVE：CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873

危険性：High Risk

IBM Java

ソフト名：IBM Java 6.x

回避策：6.0.0 SR9 FP2へのアップデートにて対応

脆弱性：データ操作, 機密情報の奪取, DoS攻撃, システムアクセス, 整数オーバーフローエラー, メモリ破壊, リモートコード実行, 解放後使用エラー, リモートコマンド実行

ソース：https://www.ibm.com/developerworks/java/

http://www.ibm.com/developerworks/java/jdk/alerts/

http://secunia.com/advisories/44784/

http://secunia.com/advisories/45206/

http://dvw-j.blogspot.com/2011/06/sun-java-red-hat-enterprise-linux-red.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0786

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0788

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0817

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0863

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0868

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0869

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0872

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873

CVE：CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873

危険性：High Risk

Red Hat Network Satellite Server

ソフト名：Red Hat Network Satellite Server 5.x (IBM JAVA 1.4.x/5.x/6.x)

回避策：RHSA-2011:0880-1にて対応

脆弱性：データ操作, 機密情報の奪取, DoS攻撃, システムアクセス, 無限ループ, クラッシュ, リモートコード実行, 整数オーバーフローエラー, メモリ破壊, アロケーションエラー, 入力検証エラー, ファイル操作, バウンダリエラー, バッファオーバーフロー, NULLポインタ逆参照エラー, 不正HTTPのリクエスト, スプーフィング攻撃

ソース：http://www.redhat.com/

https://rhn.redhat.com/errata/RHSA-2011-0880.html

http://secunia.com/advisories/38355/

http://secunia.com/advisories/41882/

http://secunia.com/advisories/43295/

http://secunia.com/advisories/44954/

http://dvw-j.blogspot.com/2011/02/sun-java-ibm-java-ibm-websphere.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476

CVE：CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476

危険性：High Risk

Novell SUSE Linux Enterprise Server

ソフト名：Novell SUSE Linux Enterprise Server 9/10/11 (IBM JAVA)

回避策：SUSE-SU-2011:0490-1, SUSE-SA:2011:024にて対応

脆弱性：データ操作, DoS攻撃, システムアクセス, クラッシュ

ソース：http://www.novell.com/products/server/

http://www.novell.com/promo/home/sle11.html

https://hermes.opensuse.org/messages/8407124

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html

http://secunia.com/advisories/43295/

http://secunia.com/advisories/44570/

http://dvw-j.blogspot.com/2011/02/sun-java-ibm-java-ibm-websphere.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0311

CVE：CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476, CVE-2011-0311

危険性：High Risk

Red Hat Enterprise Linux Extras, RHEL Supplementary

ソフト名：Red Hat Enterprise Linux Extras v. 4, RHEL Supplementary (v. 5 server)/Desktop Supplementary (v. 5 client) (IBM Java 1.4.x/5.x/6.x)

回避策：RHSA-2011:0490-1にて対応

脆弱性：データ操作, DoS攻撃, システムアクセス, クラッシュ

ソース：http://www.redhat.com/

https://rhn.redhat.com/errata/RHSA-2011-0490.html

http://secunia.com/advisories/43295/

http://secunia.com/advisories/44464/

http://dvw-j.blogspot.com/2011/02/sun-java-ibm-java-ibm-websphere.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0311

CVE：CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4473, CVE-2010-4475, CVE-2011-0311

危険性：High Risk

Novell Open Enterprise Server

ソフト名：Novell Open Enterprise Server 2.x (IBM Java 5.0.0 SR12 FP2 / FP3未満)
回避策：SUSE-SU-2011:0186-1にて対応
脆弱性：データ操作, DoS攻撃, システムアクセス, 機密情報の奪取, セキュリティ制限の回避, リモートコード実行, メモリ破壊, 整数オーバーフロー, アロケーションエラー, 入力検証エラー, バッファオーバーフロー, バウンダリエラー
ソース：http://www.novell.com/products/openenterpriseserver/
https://hermes.opensuse.org/messages/7645637
http://secunia.com/advisories/41882/
http://secunia.com/advisories/43804/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
CVE：CVE-2010-3553, CVE-2010-3557, CVE-2010-3571, CVE-2010-4476
危険性：High Risk

Novell Open Enterprise Server, SUSE Linux Enterprise Server

ソフト名：Novell Open Enterprise Server 2.x, SUSE Linux Enterprise Server (SLES) 10/11 (IBM Java)
回避策：SUSE-SU-2011:0165-1, SUSE-SU-2011:0167-1にて対応
脆弱性：システムアクセス, DoS攻撃, 無限ループ, データ操作, リモートコード実行
ソース：http://www.novell.com/products/openenterpriseserver/
http://www.novell.com/products/server/
https://hermes.opensuse.org/messages/7579774
https://hermes.opensuse.org/messages/7580242
http://secunia.com/advisories/41882/
http://secunia.com/advisories/43325/
http://secunia.com/advisories/43699/
http://secunia.com/advisories/43710/
http://dvw-j.blogspot.com/2011/02/red-hat-fedora-debian-gnulinux-ibm-i5os.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
CVE：CVE-2010-1321, CVE-2010-3574, CVE-2010-4476
危険性：High Risk

Sun JAVA, IBM Java, IBM WebSphere Application Server

ソフト名：Sun JAVA JDK 5.0 Update 27以下/JDK 6 Update 23以下/JRE 6 Update 23以下, Sun JAVA SDK 1.4.2_29以下, IBM Java 5.0.0 SR12 Fix Pack 4未満, IBM WebSphere Application Server 6.1.0.35以下
回避策：あり, APAR IZ94331, APAR PM32177にて対応
脆弱性：DoS攻撃, 無限ループ
ソース：http://www.oracle.com/technetwork/java/javase/overview/index.html
http://www.oracle.com/technetwork/java/javase/index-jsp-138567.html
http://java.sun.com/j2se/1.5/
https://www.ibm.com/developerworks/java/
http://www-01.ibm.com/software/webservers/appserv/was/
http://www.oracle.com/technetwork/java/javase/overview/index-jsp-136246.html
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
http://www.ibm.com/support/docview.wss?uid=swg1IZ94331
http://www.ibm.com/support/docview.wss?uid=swg24029090
http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645
http://secunia.com/advisories/43262/
http://secunia.com/advisories/43295/
http://secunia.com/advisories/43296/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
CVE：CVE-2010-4476
危険性：Medium Risk

Oracle Java for Business, Oracle Java, IBM Java

ソフト名：Oracle Java for Business JDK 5 Update 25/JDK 6 Update 21/JRE 1.3.1_28/JRE 1.4.2_27/JRE 6 Update 21/SDK 1.3.1_28/SDK 1.4.2_27, Oracle Java SE JDK 5 Update 25/6 Update 21/JRE 6 Update 21/SDK 1.3.1_28/SDK 1.4.2_27, IBM Java 1.4/5.0/6.0
回避策：Oracle Java SE and Java for Business Critical Patch Update Advisory - October 2010にて対応
脆弱性：特定されていない脆弱性
ソース：http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
http://www.securityfocus.com/bid/43965
http://www.securityfocus.com/bid/43971
http://www.securityfocus.com/bid/43979
http://www.securityfocus.com/bid/43985
http://www.securityfocus.com/bid/43988
http://www.securityfocus.com/bid/43992
http://www.securityfocus.com/bid/43994
http://www.securityfocus.com/bid/43999
http://www.securityfocus.com/bid/44009
http://www.securityfocus.com/bid/44011
http://www.securityfocus.com/bid/44012
http://www.securityfocus.com/bid/44013
http://www.securityfocus.com/bid/44014
http://www.securityfocus.com/bid/44016
http://www.securityfocus.com/bid/44017
http://www.securityfocus.com/bid/44020
http://www.securityfocus.com/bid/44021
http://www.securityfocus.com/bid/44023
http://www.securityfocus.com/bid/44024
http://www.securityfocus.com/bid/44026
http://www.securityfocus.com/bid/44027
http://www.securityfocus.com/bid/44028
http://www.securityfocus.com/bid/44030
http://www.securityfocus.com/bid/44032
http://www.securityfocus.com/bid/44035
http://www.securityfocus.com/bid/44038
http://www.securityfocus.com/bid/44040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574
http://secunia.com/advisories/41791
http://secunia.com/advisories/41882
http://www.vupen.com/english/advisories/2010/2660
CVE：CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574
危険性：High Risk

IBM Java

ソフト名：IBM Java 1.4.2/5.0/6.0
回避策：IBM APAR IZ80870, IZ80871, PM18989にて対応
脆弱性：セキュリティ制限の回避, フィルタリングメカニズムの回避
ソース：http://www-01.ibm.com/support/docview.wss?uid=swg1IZ80870
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ80871
http://www-01.ibm.com/support/docview.wss?uid=swg1PM18989
http://www.securityfocus.com/bid/41918
http://secunia.com/advisories/40710
http://www.vupen.com/english/advisories/2010/1894
危険性：Medium Risk