 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.59015 |
| Categoría: | Slackware Local Security Checks |
| Título: | Slackware: Security Advisory (SSA:2007-243-01) |
| Resumen: | The remote host is missing an update for the 'java' package(s) announced via the SSA:2007-243-01 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'java' package(s) announced via the SSA:2007-243-01 advisory. Vulnerability Insight: Sun has released security advisories pertaining to both the Java Runtime Environment and the Standard Edition Development Kit. One such advisory may be found here: [link moved to references] Updated versions of both the jre and jdk packages are provided which address all known flaws in Java(TM) at this time. There may be more advisories on [link moved to references] describing other flaws that are patched with this update. Happy hunting! Slackware repackages Sun's Java(TM) binaries without changing them, so the packages from Slackware 12.0 should work on all glibc based Slackware versions. Here are the details from the Slackware 12.0 ChangeLog: +--------------------------+ Fri Aug 31 13:33:54 CDT 2007 patches/packages/jre-6u2-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 6.0 update 2. This update addresses code errors which could possibly be leveraged to compromise system security, though we know of no existing exploits. This update consists of the official Java(TM) binaries repackaged in Slackware's package format, and may be used on any version of Slackware that is based on glibc. For more information, see: [link moved to references] (* Security fix *) An additional change was made to the script that Slackware uses to set environment variables for Java(TM). Now, after the $JAVA_HOME variable is set, the next variable settings make use of it, rather than hard-coding the path to $JAVA_HOME. This does not fix a bug, but is certainly better scripting style. Thanks to Jason Byrne and Jean-Christophe Fargette for suggesting this change. extra/jdk-6/jdk-6u2-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 6.0 update 2. This update addresses code errors which could possibly be leveraged to compromise system security, though we know of no existing exploits. This update consists of the official Java(TM) binaries repackaged in Slackware's package format, and may be used on any version of Slackware that is based on glibc. For more information, see: [link moved to references] (* Security fix *) An additional change was made to the script that Slackware uses to set environment variables for Java(TM). Now, after the $JAVA_HOME variable is set, the next variable settings make use of it, rather than hard-coding the path to $JAVA_HOME. This does not fix a bug, but is certainly better scripting style. Thanks to Jason Byrne and Jean-Christophe Fargette for suggesting this change. +--------------------------+ Affected Software/OS: 'java' package(s) on Slackware 12.0. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-3922 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://dev2dev.bea.com/pub/advisory/248 BugTraq ID: 25054 http://www.securityfocus.com/bid/25054 http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml HPdes Security Advisory: HPSBMA02288 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450 HPdes Security Advisory: SSRT071465 http://docs.info.apple.com/article.html?artnum=307177 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387 http://www.redhat.com/support/errata/RHSA-2007-0818.html http://www.redhat.com/support/errata/RHSA-2007-0829.html http://www.redhat.com/support/errata/RHSA-2008-0133.html http://www.securitytracker.com/id?1018428 http://secunia.com/advisories/26314 http://secunia.com/advisories/26369 http://secunia.com/advisories/26631 http://secunia.com/advisories/26645 http://secunia.com/advisories/26933 http://secunia.com/advisories/27266 http://secunia.com/advisories/27635 http://secunia.com/advisories/28115 http://secunia.com/advisories/30805 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.486841 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1 SuSE Security Announcement: SUSE-SA:2007:056 (Google Search) http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html http://www.vupen.com/english/advisories/2007/2573 http://www.vupen.com/english/advisories/2007/3009 http://www.vupen.com/english/advisories/2007/3861 http://www.vupen.com/english/advisories/2007/4224 XForce ISS Database: sun-java-class-unauthorized-access(35491) https://exchange.xforce.ibmcloud.com/vulnerabilities/35491 |
| Copyright | Copyright (C) 2012 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |