Test Kennung:	1.3.6.1.4.1.25623.1.0.123679
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2013-0602)
Zusammenfassung:	The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ELSA-2013-0602 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ELSA-2013-0602 advisory. Vulnerability Insight: [1.7.0.9-2.3.8.0.0.1.el6_4] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.8.0el6] - Revert to rhel 6.3 version of spec file - Revert to icedtea7 2.3.8 forest - Resolves: rhbz#917183 [1.7.0.11-2.4.0.pre5.el6] - Update to latest snapshot of icedtea7 2.4 forest - Resolves: rhbz#917183 [1.7.0.9-2.4.0.pre4.3.el6] - Updated to icedtea 2.4.0.pre4, - Rewritten (again) patch3 java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911530 [1.7.0.9-2.4.0.pre3.3.el6] - Updated to icedtea 2.4.0.pre3, updated! - Rewritten patch3 java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911530 [1.7.0.9-2.4.0.pre2.3.el6] - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.4.0.pre2, updated? - Added java -Xshare:dump to post (see 513605)forjitarchs - Resolves: rhbz#911530 [1.7.0.11-2.4.0.2.el6] - Unapplied but kept (for 2.3revert) patch110, java-1.7.0-openjdk-nss-icedtea-e9c857dcb964.patch - Added and applied patch113: java-1.7.0-openjdk-aes-update_reset.patch - Added and applied patch114: java-1.7.0-openjdk-nss-tck.patch - Added and applied patch115: java-1.7.0-openjdk-nss-split_results.patch - NSS enabled by default - enable_nss set to 1 - rewritten patch109 - java-1.7.0-openjdk-nss-config-1.patch - rewritten patch111 - java-1.7.0-openjdk-nss-config-2.patch - Resolves: rhbz#831734 [1.7.0.11-2.4.0.1.el6] - Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch - Added jxmd and idlj to alternatives - make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - Unapplied patch302 and deleted systemtap.patch - buildver increased to 11 - icedtea_version set to 2.4.0 - Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - removed tmp-patches source tarball - Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar - Disabled nss - enable_nss set to 0 - Resolves: rhbz#895034 Affected Software/OS: 'java-1.7.0-openjdk' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0809 BugTraq ID: 58296 http://www.securityfocus.com/bid/58296 Cert/CC Advisory: TA13-064A http://www.us-cert.gov/ncas/alerts/TA13-064A CERT/CC vulnerability note: VU#688246 http://www.kb.cert.org/vuls/id/688246 http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBUX02857 http://marc.info/?l=bugtraq&m=136439120408139&w=2 HPdes Security Advisory: HPSBUX02864 http://marc.info/?l=bugtraq&m=136570436423916&w=2 HPdes Security Advisory: SSRT101103 HPdes Security Advisory: SSRT101156 http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19076 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19320 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19479 RedHat Security Advisories: RHSA-2013:0601 http://rhn.redhat.com/errata/RHSA-2013-0601.html RedHat Security Advisories: RHSA-2013:0603 http://rhn.redhat.com/errata/RHSA-2013-0603.html RedHat Security Advisories: RHSA-2013:0604 http://rhn.redhat.com/errata/RHSA-2013-0604.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html RedHat Security Advisories: RHSA-2013:1456 http://rhn.redhat.com/errata/RHSA-2013-1456.html SuSE Security Announcement: SUSE-SU-2013:0434 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html SuSE Security Announcement: SUSE-SU-2013:0701 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html SuSE Security Announcement: openSUSE-SU-2013:0430 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html SuSE Security Announcement: openSUSE-SU-2013:0438 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html http://www.ubuntu.com/usn/USN-1755-2 Common Vulnerability Exposure (CVE) ID: CVE-2013-1493 BugTraq ID: 58238 http://www.securityfocus.com/bid/58238 http://www.exploit-db.com/exploits/24904 HPdes Security Advisory: HPSBMU02964 http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04117626-1 http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident https://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-breach/ https://twitter.com/jduck1337/status/307629902574800897 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19246 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19477 http://www.securitytracker.com/id/1029803
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.