Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200601-10 (sun-jdk sun-jre-bin blackdown-jre blackdown-jdk)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.56152

Kategorie: Gentoo Local Security Checks

Titel: Gentoo Security Advisory GLSA 200601-10 (sun-jdk sun-jre-bin blackdown-jre blackdown-jdk)

Zusammenfassung: The remote host is missing updates announced in;advisory GLSA 200601-10.

Beschreibung: Summary:
The remote host is missing updates announced in
advisory GLSA 200601-10.

Vulnerability Insight:
Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate
their privileges.

Solution:
All Sun JDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.09'

All Sun JRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.09'

All Blackdown JDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/blackdown-jdk-1.4.2.03'

All Blackdown JRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/blackdown-jre-1.4.2.03'

Note to SPARC and PPC users: There is no stable secure Blackdown Java for
the SPARC or PPC architectures. Affected users on the PPC architecture
should consider switching to the IBM Java packages (ibm-jdk-bin and
ibm-jre-bin). Affected users on the SPARC should remove the package until
a SPARC package is released.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2005-3905
http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html
BugTraq ID: 15615
http://www.securityfocus.com/bid/15615
CERT/CC vulnerability note: VU#974188
http://www.kb.cert.org/vuls/id/974188
http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml
http://securitytracker.com/id?1015280
http://secunia.com/advisories/17748
http://secunia.com/advisories/17847
http://secunia.com/advisories/18092
http://secunia.com/advisories/18435
http://secunia.com/advisories/18503
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1
SuSE Security Announcement: SUSE-SR:2006:001 (Google Search)
http://www.vupen.com/english/advisories/2005/2636
http://www.vupen.com/english/advisories/2005/2675
http://www.vupen.com/english/advisories/2005/2946
XForce ISS Database: sun-reflection-api-elevate-privileges(23251)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23251
Common Vulnerability Exposure (CVE) ID: CVE-2005-3906

Copyright Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.56152
Kategorie:	Gentoo Local Security Checks
Titel:	Gentoo Security Advisory GLSA 200601-10 (sun-jdk sun-jre-bin blackdown-jre blackdown-jdk)
Zusammenfassung:	The remote host is missing updates announced in;advisory GLSA 200601-10.
Beschreibung:	Summary: The remote host is missing updates announced in advisory GLSA 200601-10. Vulnerability Insight: Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate their privileges. Solution: All Sun JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.09' All Sun JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.09' All Blackdown JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jdk-1.4.2.03' All Blackdown JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jre-1.4.2.03' Note to SPARC and PPC users: There is no stable secure Blackdown Java for the SPARC or PPC architectures. Affected users on the PPC architecture should consider switching to the IBM Java packages (ibm-jdk-bin and ibm-jre-bin). Affected users on the SPARC should remove the package until a SPARC package is released. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3905 http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html BugTraq ID: 15615 http://www.securityfocus.com/bid/15615 CERT/CC vulnerability note: VU#974188 http://www.kb.cert.org/vuls/id/974188 http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml http://securitytracker.com/id?1015280 http://secunia.com/advisories/17748 http://secunia.com/advisories/17847 http://secunia.com/advisories/18092 http://secunia.com/advisories/18435 http://secunia.com/advisories/18503 http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1 SuSE Security Announcement: SUSE-SR:2006:001 (Google Search) http://www.vupen.com/english/advisories/2005/2636 http://www.vupen.com/english/advisories/2005/2675 http://www.vupen.com/english/advisories/2005/2946 XForce ISS Database: sun-reflection-api-elevate-privileges(23251) https://exchange.xforce.ibmcloud.com/vulnerabilities/23251 Common Vulnerability Exposure (CVE) ID: CVE-2005-3906
Copyright	Copyright (C) 2008 E-Soft Inc.