Test ID:	1.3.6.1.4.1.25623.1.0.120133
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2012-88)
Summary:	The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the ALAS-2012-88 advisory.
Description:	Summary: The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the ALAS-2012-88 advisory. Vulnerability Insight: Multiple flaws were discovered in the CORBA (Common Object Request Broker Architecture) implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. (CVE-2012-1711, CVE-2012-1719) It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. (CVE-2012-1716) Multiple flaws were discovered in the font manager's layout lookup implementation. A specially-crafted font file could cause the Java Virtual Machine to crash or, possibly, execute arbitrary code with the privileges of the user running the virtual machine. (CVE-2012-1713) Multiple flaws were found in the way the Java HotSpot Virtual Machine verified the bytecode of the class file to be executed. A specially-crafted Java application or applet could use these flaws to crash the Java Virtual Machine, or bypass Java sandbox restrictions. (CVE-2012-1723, CVE-2012-1725) It was discovered that the Java XML parser did not properly handle certain XML documents. An attacker able to make a Java application parse a specially-crafted XML file could use this flaw to make the XML parser enter an infinite loop. (CVE-2012-1724) It was discovered that the Java security classes did not properly handle Certificate Revocation Lists (CRL). CRL containing entries with duplicate certificate serial numbers could have been ignored. (CVE-2012-1718) It was discovered that various classes of the Java Runtime library could create temporary files with insecure permissions. A local attacker could use this flaw to gain access to the content of such temporary files. (CVE-2012-1717) Affected Software/OS: 'java-1.6.0-openjdk' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1711 BugTraq ID: 53949 http://www.securityfocus.com/bid/53949 http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBUX02805 http://marc.info/?l=bugtraq&m=134496371727681&w=2 HPdes Security Advisory: SSRT100919 http://www.mandriva.com/security/advisories?name=MDVSA-2012:095 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15996 RedHat Security Advisories: RHSA-2012:0734 http://rhn.redhat.com/errata/RHSA-2012-0734.html Common Vulnerability Exposure (CVE) ID: CVE-2012-1713 BugTraq ID: 53946 http://www.securityfocus.com/bid/53946 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16502 RedHat Security Advisories: RHSA-2012:1243 http://rhn.redhat.com/errata/RHSA-2012-1243.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html RedHat Security Advisories: RHSA-2013:1456 http://rhn.redhat.com/errata/RHSA-2013-1456.html http://secunia.com/advisories/50659 http://secunia.com/advisories/51080 SuSE Security Announcement: SUSE-SU-2012:1177 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html SuSE Security Announcement: SUSE-SU-2012:1204 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html SuSE Security Announcement: SUSE-SU-2012:1231 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html SuSE Security Announcement: SUSE-SU-2012:1265 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html Common Vulnerability Exposure (CVE) ID: CVE-2012-1716 BugTraq ID: 53947 http://www.securityfocus.com/bid/53947 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16168 Common Vulnerability Exposure (CVE) ID: CVE-2012-1717 BugTraq ID: 53952 http://www.securityfocus.com/bid/53952 Common Vulnerability Exposure (CVE) ID: CVE-2012-1718 BugTraq ID: 53951 http://www.securityfocus.com/bid/53951 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15923 RedHat Security Advisories: RHSA-2012:1467 http://rhn.redhat.com/errata/RHSA-2012-1467.html http://secunia.com/advisories/51326 Common Vulnerability Exposure (CVE) ID: CVE-2012-1723 BugTraq ID: 53960 http://www.securityfocus.com/bid/53960 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16259 Common Vulnerability Exposure (CVE) ID: CVE-2012-1724 BugTraq ID: 53958 http://www.securityfocus.com/bid/53958 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16659
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.