ID de Prueba:	1.3.6.1.4.1.25623.1.0.120390
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2013-163)
Resumen:	The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the ALAS-2013-163 advisory.
Descripción:	Summary: The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the ALAS-2013-163 advisory. Vulnerability Insight: An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) Affected Software/OS: 'java-1.6.0-openjdk' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0169 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html BugTraq ID: 57778 http://www.securityfocus.com/bid/57778 Cert/CC Advisory: TA13-051A http://www.us-cert.gov/cas/techalerts/TA13-051A.html CERT/CC vulnerability note: VU#737740 http://www.kb.cert.org/vuls/id/737740 Debian Security Information: DSA-2621 (Google Search) http://www.debian.org/security/2013/dsa-2621 Debian Security Information: DSA-2622 (Google Search) http://www.debian.org/security/2013/dsa-2622 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBMU02874 http://marc.info/?l=bugtraq&m=136733161405818&w=2 HPdes Security Advisory: HPSBOV02852 http://marc.info/?l=bugtraq&m=136432043316835&w=2 HPdes Security Advisory: HPSBUX02856 http://marc.info/?l=bugtraq&m=136396549913849&w=2 HPdes Security Advisory: HPSBUX02857 http://marc.info/?l=bugtraq&m=136439120408139&w=2 HPdes Security Advisory: HPSBUX02909 http://marc.info/?l=bugtraq&m=137545771702053&w=2 HPdes Security Advisory: SSRT101103 HPdes Security Advisory: SSRT101104 HPdes Security Advisory: SSRT101108 HPdes Security Advisory: SSRT101184 HPdes Security Advisory: SSRT101289 http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/ http://www.isg.rhul.ac.uk/tls/TLStiming.pdf https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html http://openwall.com/lists/oss-security/2013/02/05/24 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608 RedHat Security Advisories: RHSA-2013:0587 http://rhn.redhat.com/errata/RHSA-2013-0587.html RedHat Security Advisories: RHSA-2013:0782 http://rhn.redhat.com/errata/RHSA-2013-0782.html RedHat Security Advisories: RHSA-2013:0783 http://rhn.redhat.com/errata/RHSA-2013-0783.html RedHat Security Advisories: RHSA-2013:0833 http://rhn.redhat.com/errata/RHSA-2013-0833.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html RedHat Security Advisories: RHSA-2013:1456 http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.securitytracker.com/id/1029190 http://secunia.com/advisories/53623 http://secunia.com/advisories/55108 http://secunia.com/advisories/55139 http://secunia.com/advisories/55322 http://secunia.com/advisories/55350 http://secunia.com/advisories/55351 SuSE Security Announcement: SUSE-SU-2013:0328 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html SuSE Security Announcement: SUSE-SU-2013:0701 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html SuSE Security Announcement: openSUSE-SU-2013:0375 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html SuSE Security Announcement: openSUSE-SU-2013:0378 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html http://www.ubuntu.com/usn/USN-1735-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-1486 BugTraq ID: 58029 http://www.securityfocus.com/bid/58029 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19402 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19469
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.