Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200705-20 (blackdown-jdk, blackdown-jre)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.58298

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200705-20 (blackdown-jdk, blackdown-jre)

Resumen: The remote host is missing updates announced in;advisory GLSA 200705-20.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200705-20.

Vulnerability Insight:
The Blackdown JDK and the Blackdown JRE suffer from the multiple
unspecified vulnerabilities that already affected the Sun JDK and JRE.

Solution:
Since there is no fixed update from Blackdown and since the flaw only
occurs in the applets, the 'nsplugin' USE flag has been masked in the
portage tree. Emerge the ebuild again in order to fix the vulnerability.
Another solution is to switch to another Java implementation such as the
Sun implementation (dev-java/sun-jdk and dev-java/sun-jre-bin).

# emerge --sync
# emerge --ask --oneshot --verbose 'dev-java/blackdown-jdk'
# emerge --ask --oneshot --verbose 'dev-java/blackdown-jre'

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-6731
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://dev2dev.bea.com/pub/advisory/243
BugTraq ID: 21675
http://www.securityfocus.com/bid/21675
Cert/CC Advisory: TA07-022A
http://www.us-cert.gov/cas/techalerts/TA07-022A.html
CERT/CC vulnerability note: VU#149457
http://www.kb.cert.org/vuls/id/149457
CERT/CC vulnerability note: VU#939609
http://www.kb.cert.org/vuls/id/939609
http://security.gentoo.org/glsa/glsa-200701-15.xml
http://security.gentoo.org/glsa/glsa-200702-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml
HPdes Security Advisory: HPSBUX02196
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579
HPdes Security Advisory: SSRT071318
http://docs.info.apple.com/article.html?artnum=307177
http://scary.beasts.org/security/CESA-2005-008.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10134
http://www.redhat.com/support/errata/RHSA-2007-0062.html
http://www.redhat.com/support/errata/RHSA-2007-0072.html
http://www.redhat.com/support/errata/RHSA-2007-0073.html
http://securitytracker.com/id?1017425
http://secunia.com/advisories/23445
http://secunia.com/advisories/23650
http://secunia.com/advisories/23835
http://secunia.com/advisories/24099
http://secunia.com/advisories/24189
http://secunia.com/advisories/24468
http://secunia.com/advisories/25283
http://secunia.com/advisories/25404
http://secunia.com/advisories/28115
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
SuSE Security Announcement: SUSE-SA:2007:003 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html
SuSE Security Announcement: SUSE-SA:2007:010 (Google Search)
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
http://www.vupen.com/english/advisories/2006/5073
http://www.vupen.com/english/advisories/2007/0936
http://www.vupen.com/english/advisories/2007/1814
http://www.vupen.com/english/advisories/2007/4224
Common Vulnerability Exposure (CVE) ID: CVE-2006-6736
BugTraq ID: 21674
http://www.securityfocus.com/bid/21674
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9729
http://securitytracker.com/id?1017427
http://secunia.com/advisories/23398
http://secunia.com/advisories/26049
http://secunia.com/advisories/26119
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
SuSE Security Announcement: SUSE-SA:2007:045 (Google Search)
http://www.novell.com/linux/security/advisories/2007_45_java.html
http://www.vupen.com/english/advisories/2006/5075
Common Vulnerability Exposure (CVE) ID: CVE-2006-6737
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11087
Common Vulnerability Exposure (CVE) ID: CVE-2006-6745
http://dev2dev.bea.com/pub/advisory/240
BugTraq ID: 21673
http://www.securityfocus.com/bid/21673
CERT/CC vulnerability note: VU#102289
http://www.kb.cert.org/vuls/id/102289
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9621
http://securitytracker.com/id?1017426
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1
http://www.vupen.com/english/advisories/2006/5074

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.58298
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200705-20 (blackdown-jdk, blackdown-jre)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200705-20.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200705-20. Vulnerability Insight: The Blackdown JDK and the Blackdown JRE suffer from the multiple unspecified vulnerabilities that already affected the Sun JDK and JRE. Solution: Since there is no fixed update from Blackdown and since the flaw only occurs in the applets, the 'nsplugin' USE flag has been masked in the portage tree. Emerge the ebuild again in order to fix the vulnerability. Another solution is to switch to another Java implementation such as the Sun implementation (dev-java/sun-jdk and dev-java/sun-jre-bin). # emerge --sync # emerge --ask --oneshot --verbose 'dev-java/blackdown-jdk' # emerge --ask --oneshot --verbose 'dev-java/blackdown-jre' CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6731 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://dev2dev.bea.com/pub/advisory/243 BugTraq ID: 21675 http://www.securityfocus.com/bid/21675 Cert/CC Advisory: TA07-022A http://www.us-cert.gov/cas/techalerts/TA07-022A.html CERT/CC vulnerability note: VU#149457 http://www.kb.cert.org/vuls/id/149457 CERT/CC vulnerability note: VU#939609 http://www.kb.cert.org/vuls/id/939609 http://security.gentoo.org/glsa/glsa-200701-15.xml http://security.gentoo.org/glsa/glsa-200702-08.xml http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml HPdes Security Advisory: HPSBUX02196 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579 HPdes Security Advisory: SSRT071318 http://docs.info.apple.com/article.html?artnum=307177 http://scary.beasts.org/security/CESA-2005-008.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10134 http://www.redhat.com/support/errata/RHSA-2007-0062.html http://www.redhat.com/support/errata/RHSA-2007-0072.html http://www.redhat.com/support/errata/RHSA-2007-0073.html http://securitytracker.com/id?1017425 http://secunia.com/advisories/23445 http://secunia.com/advisories/23650 http://secunia.com/advisories/23835 http://secunia.com/advisories/24099 http://secunia.com/advisories/24189 http://secunia.com/advisories/24468 http://secunia.com/advisories/25283 http://secunia.com/advisories/25404 http://secunia.com/advisories/28115 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1 SuSE Security Announcement: SUSE-SA:2007:003 (Google Search) http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html SuSE Security Announcement: SUSE-SA:2007:010 (Google Search) http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html http://www.vupen.com/english/advisories/2006/5073 http://www.vupen.com/english/advisories/2007/0936 http://www.vupen.com/english/advisories/2007/1814 http://www.vupen.com/english/advisories/2007/4224 Common Vulnerability Exposure (CVE) ID: CVE-2006-6736 BugTraq ID: 21674 http://www.securityfocus.com/bid/21674 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9729 http://securitytracker.com/id?1017427 http://secunia.com/advisories/23398 http://secunia.com/advisories/26049 http://secunia.com/advisories/26119 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1 SuSE Security Announcement: SUSE-SA:2007:045 (Google Search) http://www.novell.com/linux/security/advisories/2007_45_java.html http://www.vupen.com/english/advisories/2006/5075 Common Vulnerability Exposure (CVE) ID: CVE-2006-6737 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11087 Common Vulnerability Exposure (CVE) ID: CVE-2006-6745 http://dev2dev.bea.com/pub/advisory/240 BugTraq ID: 21673 http://www.securityfocus.com/bid/21673 CERT/CC vulnerability note: VU#102289 http://www.kb.cert.org/vuls/id/102289 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9621 http://securitytracker.com/id?1017426 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1 http://www.vupen.com/english/advisories/2006/5074
Copyright	Copyright (C) 2008 E-Soft Inc.