ID de Prueba:	1.3.6.1.4.1.25623.1.0.120133
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-88)
Resumen:	The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the ALAS-2012-88 advisory.
Descripción:	Summary: The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the ALAS-2012-88 advisory. Vulnerability Insight: Multiple flaws were discovered in the CORBA (Common Object Request Broker Architecture) implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. (CVE-2012-1711, CVE-2012-1719) It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. (CVE-2012-1716) Multiple flaws were discovered in the font manager's layout lookup implementation. A specially-crafted font file could cause the Java Virtual Machine to crash or, possibly, execute arbitrary code with the privileges of the user running the virtual machine. (CVE-2012-1713) Multiple flaws were found in the way the Java HotSpot Virtual Machine verified the bytecode of the class file to be executed. A specially-crafted Java application or applet could use these flaws to crash the Java Virtual Machine, or bypass Java sandbox restrictions. (CVE-2012-1723, CVE-2012-1725) It was discovered that the Java XML parser did not properly handle certain XML documents. An attacker able to make a Java application parse a specially-crafted XML file could use this flaw to make the XML parser enter an infinite loop. (CVE-2012-1724) It was discovered that the Java security classes did not properly handle Certificate Revocation Lists (CRL). CRL containing entries with duplicate certificate serial numbers could have been ignored. (CVE-2012-1718) It was discovered that various classes of the Java Runtime library could create temporary files with insecure permissions. A local attacker could use this flaw to gain access to the content of such temporary files. (CVE-2012-1717) Affected Software/OS: 'java-1.6.0-openjdk' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1711 BugTraq ID: 53949 http://www.securityfocus.com/bid/53949 http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBUX02805 http://marc.info/?l=bugtraq&m=134496371727681&w=2 HPdes Security Advisory: SSRT100919 http://www.mandriva.com/security/advisories?name=MDVSA-2012:095 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15996 RedHat Security Advisories: RHSA-2012:0734 http://rhn.redhat.com/errata/RHSA-2012-0734.html Common Vulnerability Exposure (CVE) ID: CVE-2012-1713 BugTraq ID: 53946 http://www.securityfocus.com/bid/53946 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16502 RedHat Security Advisories: RHSA-2012:1243 http://rhn.redhat.com/errata/RHSA-2012-1243.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html RedHat Security Advisories: RHSA-2013:1456 http://rhn.redhat.com/errata/RHSA-2013-1456.html http://secunia.com/advisories/50659 http://secunia.com/advisories/51080 SuSE Security Announcement: SUSE-SU-2012:1177 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html SuSE Security Announcement: SUSE-SU-2012:1204 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html SuSE Security Announcement: SUSE-SU-2012:1231 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html SuSE Security Announcement: SUSE-SU-2012:1265 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html Common Vulnerability Exposure (CVE) ID: CVE-2012-1716 BugTraq ID: 53947 http://www.securityfocus.com/bid/53947 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16168 Common Vulnerability Exposure (CVE) ID: CVE-2012-1717 BugTraq ID: 53952 http://www.securityfocus.com/bid/53952 Common Vulnerability Exposure (CVE) ID: CVE-2012-1718 BugTraq ID: 53951 http://www.securityfocus.com/bid/53951 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15923 RedHat Security Advisories: RHSA-2012:1467 http://rhn.redhat.com/errata/RHSA-2012-1467.html http://secunia.com/advisories/51326 Common Vulnerability Exposure (CVE) ID: CVE-2012-1723 BugTraq ID: 53960 http://www.securityfocus.com/bid/53960 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16259 Common Vulnerability Exposure (CVE) ID: CVE-2012-1724 BugTraq ID: 53958 http://www.securityfocus.com/bid/53958 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16659
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.