ID de Prueba:	1.3.6.1.4.1.25623.1.0.64672
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:1236
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:1236.;;The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and;the IBM Java 2 Software Development Kit.;;This update fixes several vulnerabilities in the IBM Java 2 Runtime;Environment and the IBM Java 2 Software Development Kit. These;vulnerabilities are summarized on the IBM Security alerts page listed in;the References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,;CVE-2009-2672, CVE-2009-2673, CVE-2009-2675);;All users of java-1.5.0-ibm are advised to upgrade to these updated;packages, containing the IBM 1.5.0 SR10 Java release. All running instances;of IBM Java must be restarted for this update to take effect.;;Note: The packages included in this update are identical to the packages;made available by RHEA-2009:1208 and RHEA-2009:1210 on the 13th of;August 2009. These packages are being reissued as a Red Hat Security;Advisory as they fixed a number of security issues that were not made;public until after those errata were released. Since the packages are;identical, there is no need to install this update if RHEA-2009:1208 or;RHEA-2009:1210 has already been installed.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:1236. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM Security alerts page listed in the References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR10 Java release. All running instances of IBM Java must be restarted for this update to take effect. Note: The packages included in this update are identical to the packages made available by RHEA-2009:1208 and RHEA-2009:1210 on the 13th of August 2009. These packages are being reissued as a Red Hat Security Advisory as they fixed a number of security issues that were not made public until after those errata were released. Since the packages are identical, there is no need to install this update if RHEA-2009:1208 or RHEA-2009:1210 has already been installed. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2625 http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html BugTraq ID: 35958 http://www.securityfocus.com/bid/35958 Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded Cert/CC Advisory: TA09-294A http://www.us-cert.gov/cas/techalerts/TA09-294A.html Cert/CC Advisory: TA10-012A http://www.us-cert.gov/cas/techalerts/TA10-012A.html Debian Security Information: DSA-1984 (Google Search) http://www.debian.org/security/2010/dsa-1984 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html HPdes Security Advisory: HPSBUX02476 http://marc.info/?l=bugtraq&m=125787273209737&w=2 HPdes Security Advisory: SSRT090250 http://www.mandriva.com/security/advisories?name=MDVSA-2009:209 http://www.mandriva.com/security/advisories?name=MDVSA-2011:108 http://www.cert.fi/en/reports/2009/vulnerability2009085.html http://www.codenomicon.com/labs/xml/ http://www.networkworld.com/columnists/2009/080509-xml-flaw.html https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3Csolr-user.lucene.apache.org%3E http://www.openwall.com/lists/oss-security/2009/09/06/1 http://www.openwall.com/lists/oss-security/2009/10/22/9 http://www.openwall.com/lists/oss-security/2009/10/23/6 http://www.openwall.com/lists/oss-security/2009/10/26/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356 RedHat Security Advisories: RHSA-2009:1199 https://rhn.redhat.com/errata/RHSA-2009-1199.html RedHat Security Advisories: RHSA-2009:1200 https://rhn.redhat.com/errata/RHSA-2009-1200.html RedHat Security Advisories: RHSA-2009:1201 https://rhn.redhat.com/errata/RHSA-2009-1201.html http://www.redhat.com/support/errata/RHSA-2009-1615.html RedHat Security Advisories: RHSA-2009:1636 https://rhn.redhat.com/errata/RHSA-2009-1636.html RedHat Security Advisories: RHSA-2009:1637 https://rhn.redhat.com/errata/RHSA-2009-1637.html RedHat Security Advisories: RHSA-2009:1649 https://rhn.redhat.com/errata/RHSA-2009-1649.html RedHat Security Advisories: RHSA-2009:1650 https://rhn.redhat.com/errata/RHSA-2009-1650.html http://www.redhat.com/support/errata/RHSA-2011-0858.html RedHat Security Advisories: RHSA-2012:1232 http://rhn.redhat.com/errata/RHSA-2012-1232.html RedHat Security Advisories: RHSA-2012:1537 http://rhn.redhat.com/errata/RHSA-2012-1537.html http://www.securitytracker.com/id?1022680 http://secunia.com/advisories/36162 http://secunia.com/advisories/36176 http://secunia.com/advisories/36180 http://secunia.com/advisories/36199 http://secunia.com/advisories/37300 http://secunia.com/advisories/37460 http://secunia.com/advisories/37671 http://secunia.com/advisories/37754 http://secunia.com/advisories/38231 http://secunia.com/advisories/38342 http://secunia.com/advisories/43300 http://secunia.com/advisories/50549 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1 SuSE Security Announcement: SUSE-SA:2009:053 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html SuSE Security Announcement: SUSE-SR:2009:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://www.ubuntu.com/usn/USN-890-1 http://www.vupen.com/english/advisories/2009/2543 http://www.vupen.com/english/advisories/2009/3316 http://www.vupen.com/english/advisories/2011/0359 Common Vulnerability Exposure (CVE) ID: CVE-2009-2670 BugTraq ID: 35939 http://www.securityfocus.com/bid/35939 http://security.gentoo.org/glsa/glsa-200911-02.xml http://osvdb.org/56788 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11326 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8022 http://www.securitytracker.com/id?1022658 http://secunia.com/advisories/36248 http://secunia.com/advisories/37386 http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1 SuSE Security Announcement: SUSE-SA:2009:043 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html XForce ISS Database: jre-jdk-audiosystem-priv-escalation(52306) https://exchange.xforce.ibmcloud.com/vulnerabilities/52306 Common Vulnerability Exposure (CVE) ID: CVE-2009-2671 BugTraq ID: 35943 http://www.securityfocus.com/bid/35943 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11115 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8259 http://www.securitytracker.com/id?1022659 http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1 XForce ISS Database: sun-jre-socks-info-disclosure(52336) https://exchange.xforce.ibmcloud.com/vulnerabilities/52336 Common Vulnerability Exposure (CVE) ID: CVE-2009-2672 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7723 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9359 XForce ISS Database: sun-jre-proxy-session-hijacking(52337) https://exchange.xforce.ibmcloud.com/vulnerabilities/52337 Common Vulnerability Exposure (CVE) ID: CVE-2009-2673 http://osvdb.org/56785 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10263 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8558 XForce ISS Database: sun-jre-proxy-security-bypass(52338) https://exchange.xforce.ibmcloud.com/vulnerabilities/52338 Common Vulnerability Exposure (CVE) ID: CVE-2009-2675 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=814 http://www.zerodayinitiative.com/advisories/ZDI-09-049/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10840 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8415 http://sunsolve.sun.com/search/document.do?assetkey=1-66-263488-1 XForce ISS Database: jre-pak200-bo(52307) https://exchange.xforce.ibmcloud.com/vulnerabilities/52307
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.