Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200601-10 (sun-jdk sun-jre-bin blackdown-jre blackdown-jdk)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56152

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200601-10 (sun-jdk sun-jre-bin blackdown-jre blackdown-jdk)

Resumen: The remote host is missing updates announced in;advisory GLSA 200601-10.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200601-10.

Vulnerability Insight:
Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate
their privileges.

Solution:
All Sun JDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.09'

All Sun JRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.09'

All Blackdown JDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/blackdown-jdk-1.4.2.03'

All Blackdown JRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/blackdown-jre-1.4.2.03'

Note to SPARC and PPC users: There is no stable secure Blackdown Java for
the SPARC or PPC architectures. Affected users on the PPC architecture
should consider switching to the IBM Java packages (ibm-jdk-bin and
ibm-jre-bin). Affected users on the SPARC should remove the package until
a SPARC package is released.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-3905
http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html
BugTraq ID: 15615
http://www.securityfocus.com/bid/15615
CERT/CC vulnerability note: VU#974188
http://www.kb.cert.org/vuls/id/974188
http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml
http://securitytracker.com/id?1015280
http://secunia.com/advisories/17748
http://secunia.com/advisories/17847
http://secunia.com/advisories/18092
http://secunia.com/advisories/18435
http://secunia.com/advisories/18503
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1
SuSE Security Announcement: SUSE-SR:2006:001 (Google Search)
http://www.vupen.com/english/advisories/2005/2636
http://www.vupen.com/english/advisories/2005/2675
http://www.vupen.com/english/advisories/2005/2946
XForce ISS Database: sun-reflection-api-elevate-privileges(23251)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23251
Common Vulnerability Exposure (CVE) ID: CVE-2005-3906

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56152
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200601-10 (sun-jdk sun-jre-bin blackdown-jre blackdown-jdk)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200601-10.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200601-10. Vulnerability Insight: Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate their privileges. Solution: All Sun JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.09' All Sun JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.09' All Blackdown JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jdk-1.4.2.03' All Blackdown JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jre-1.4.2.03' Note to SPARC and PPC users: There is no stable secure Blackdown Java for the SPARC or PPC architectures. Affected users on the PPC architecture should consider switching to the IBM Java packages (ibm-jdk-bin and ibm-jre-bin). Affected users on the SPARC should remove the package until a SPARC package is released. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3905 http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html BugTraq ID: 15615 http://www.securityfocus.com/bid/15615 CERT/CC vulnerability note: VU#974188 http://www.kb.cert.org/vuls/id/974188 http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml http://securitytracker.com/id?1015280 http://secunia.com/advisories/17748 http://secunia.com/advisories/17847 http://secunia.com/advisories/18092 http://secunia.com/advisories/18435 http://secunia.com/advisories/18503 http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1 SuSE Security Announcement: SUSE-SR:2006:001 (Google Search) http://www.vupen.com/english/advisories/2005/2636 http://www.vupen.com/english/advisories/2005/2675 http://www.vupen.com/english/advisories/2005/2946 XForce ISS Database: sun-reflection-api-elevate-privileges(23251) https://exchange.xforce.ibmcloud.com/vulnerabilities/23251 Common Vulnerability Exposure (CVE) ID: CVE-2005-3906
Copyright	Copyright (C) 2008 E-Soft Inc.