ID de Prueba:	1.3.6.1.4.1.25623.1.0.870889
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for java-1.7.0-openjdk RHSA-2013:0165-01
Resumen:	The remote host is missing an update for the 'java-1.7.0-openjdk'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the referenced advisory. Vulnerability Insight: These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-3174, CVE-2013-0422) This erratum also upgrades the OpenJDK package to IcedTea7 2.3.4. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. Affected Software/OS: java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3174 http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/ RedHat Security Advisories: RHSA-2013:0156 http://rhn.redhat.com/errata/RHSA-2013-0156.html RedHat Security Advisories: RHSA-2013:0165 http://rhn.redhat.com/errata/RHSA-2013-0165.html SuSE Security Announcement: openSUSE-SU-2013:0199 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html http://www.ubuntu.com/usn/USN-1693-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-0422 Bugtraq: 20130110 [SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code (Google Search) http://seclists.org/bugtraq/2013/Jan/48 Cert/CC Advisory: TA13-010A http://www.us-cert.gov/cas/techalerts/TA13-010A.html CERT/CC vulnerability note: VU#625617 http://www.kb.cert.org/vuls/id/625617 http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/ http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/ http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013 https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.