Test ID:	1.3.6.1.4.1.25623.1.0.120337
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2012-136)
Summary:	The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the ALAS-2012-136 advisory.
Description:	Summary: The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the ALAS-2012-136 advisory. Vulnerability Insight: Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416) It was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077) It was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory. (CVE-2012-3216) This update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, 'jdk.net.registerGopherProtocol', to true. (CVE-2012-5085) Affected Software/OS: 'java-1.6.0-openjdk' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3216 BugTraq ID: 56075 http://www.securityfocus.com/bid/56075 http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBOV02833 http://marc.info/?l=bugtraq&m=135758563611658&w=2 HPdes Security Advisory: HPSBUX02832 http://marc.info/?l=bugtraq&m=135542848327757&w=2 HPdes Security Advisory: SSRT101042 HPdes Security Advisory: SSRT101043 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16538 RedHat Security Advisories: RHSA-2012:1385 http://rhn.redhat.com/errata/RHSA-2012-1385.html RedHat Security Advisories: RHSA-2012:1386 http://rhn.redhat.com/errata/RHSA-2012-1386.html RedHat Security Advisories: RHSA-2012:1391 http://rhn.redhat.com/errata/RHSA-2012-1391.html RedHat Security Advisories: RHSA-2012:1392 http://rhn.redhat.com/errata/RHSA-2012-1392.html RedHat Security Advisories: RHSA-2012:1465 http://rhn.redhat.com/errata/RHSA-2012-1465.html RedHat Security Advisories: RHSA-2012:1466 http://rhn.redhat.com/errata/RHSA-2012-1466.html RedHat Security Advisories: RHSA-2012:1467 http://rhn.redhat.com/errata/RHSA-2012-1467.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html RedHat Security Advisories: RHSA-2013:1456 http://rhn.redhat.com/errata/RHSA-2013-1456.html http://secunia.com/advisories/51028 http://secunia.com/advisories/51029 http://secunia.com/advisories/51141 http://secunia.com/advisories/51166 http://secunia.com/advisories/51313 http://secunia.com/advisories/51315 http://secunia.com/advisories/51326 http://secunia.com/advisories/51327 http://secunia.com/advisories/51328 http://secunia.com/advisories/51390 http://secunia.com/advisories/51393 http://secunia.com/advisories/51438 SuSE Security Announcement: SUSE-SU-2012:1398 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html SuSE Security Announcement: SUSE-SU-2012:1489 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html SuSE Security Announcement: SUSE-SU-2012:1490 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html SuSE Security Announcement: SUSE-SU-2012:1595 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html SuSE Security Announcement: openSUSE-SU-2012:1423 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html Common Vulnerability Exposure (CVE) ID: CVE-2012-4416 BugTraq ID: 55501 http://www.securityfocus.com/bid/55501 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16623 Common Vulnerability Exposure (CVE) ID: CVE-2012-5068 BugTraq ID: 56076 http://www.securityfocus.com/bid/56076 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16533 XForce ISS Database: javaruntimeenvironment-lib-cve20125068(79425) https://exchange.xforce.ibmcloud.com/vulnerabilities/79425 Common Vulnerability Exposure (CVE) ID: CVE-2012-5075 BugTraq ID: 56081 http://www.securityfocus.com/bid/56081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16684 XForce ISS Database: javaruntimeenvironment-comjmx-info-disc(79431) https://exchange.xforce.ibmcloud.com/vulnerabilities/79431 Common Vulnerability Exposure (CVE) ID: CVE-2012-5077 BugTraq ID: 56058 http://www.securityfocus.com/bid/56058 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16585 XForce ISS Database: javaruntimeenvironment-sec-info-disc(79437) https://exchange.xforce.ibmcloud.com/vulnerabilities/79437 Common Vulnerability Exposure (CVE) ID: CVE-2012-5079 BugTraq ID: 56082 http://www.securityfocus.com/bid/56082 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16602 XForce ISS Database: javaruntimeenvironment-lib-cve20125079(79433) https://exchange.xforce.ibmcloud.com/vulnerabilities/79433 Common Vulnerability Exposure (CVE) ID: CVE-2012-5081 BugTraq ID: 56071 http://www.securityfocus.com/bid/56071 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16043 Common Vulnerability Exposure (CVE) ID: CVE-2012-5085 BugTraq ID: 56067 http://www.securityfocus.com/bid/56067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16654 Common Vulnerability Exposure (CVE) ID: CVE-2012-5086 BugTraq ID: 56039 http://www.securityfocus.com/bid/56039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16387 XForce ISS Database: javaruntimeenvironment-beans-cve20125086(79414) https://exchange.xforce.ibmcloud.com/vulnerabilities/79414
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.