
Test ID: 1.3.6.1.4.1.25623.1.0.120409
Category: Amazon Linux Local Security Checks
Title: Amazon Linux: Security Advisory (ALAS-2014-387)
Summary: The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the ALAS-2014-387 advisory.
Description:

Vulnerability Insight:
It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219)

A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490)

An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262)

Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266)

It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244)

The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263)

Affected Software/OS:
'java-1.6.0-openjdk' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-2490
BugTraq ID: 68645
http://www.securityfocus.com/bid/68645
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Debian Security Information: DSA-2980
http://www.debian.org/security/2014/dsa-2980
Debian Security Information: DSA-2987
http://www.debian.org/security/2014/dsa-2987
http://seclists.org/fulldisclosure/2014/Dec/23
http://security.gentoo.org/glsa/glsa-201502-12.xml
HP Security Advisory: HPSBUX03091
http://marc.info/?l=bugtraq&m=140852886808946&w=2
HP Security Advisory: SSRT101667
RedHat Security Advisories: RHSA-2014:0902
https://access.redhat.com/errata/RHSA-2014:0902
http://www.securitytracker.com/id/1030577
http://secunia.com/advisories/60129
http://secunia.com/advisories/60485
http://secunia.com/advisories/60812
Common Vulnerability Exposure (CVE) ID: CVE-2014-4209
BugTraq ID: 68639
http://www.securityfocus.com/bid/68639
HP Security Advisory: HPSBUX03092
http://marc.info/?l=bugtraq&m=140852974709252&w=2
HP Security Advisory: SSRT101668
RedHat Security Advisories: RHSA-2014:0908
https://access.redhat.com/errata/RHSA-2014:0908
RedHat Security Advisories: RHSA-2015:0264
http://rhn.redhat.com/errata/RHSA-2015-0264.html
http://secunia.com/advisories/59404
http://secunia.com/advisories/59680
http://secunia.com/advisories/59924
http://secunia.com/advisories/59985
http://secunia.com/advisories/59986
http://secunia.com/advisories/59987
http://secunia.com/advisories/60081
http://secunia.com/advisories/60245
http://secunia.com/advisories/60317
http://secunia.com/advisories/60622
http://secunia.com/advisories/60817
http://secunia.com/advisories/61577
http://secunia.com/advisories/61640
SuSE Security Announcement: SUSE-SU-2015:0344
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
SuSE Security Announcement: SUSE-SU-2015:0376
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
SuSE Security Announcement: SUSE-SU-2015:0392
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
XForce ISS Database: oracle-cpujul2014-cve20144209(94596)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94596
Common Vulnerability Exposure (CVE) ID: CVE-2014-4216
BugTraq ID: 68562
http://www.securityfocus.com/bid/68562
XForce ISS Database: oracle-cpujul2014-cve20144216(94591)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94591
Common Vulnerability Exposure (CVE) ID: CVE-2014-4218
BugTraq ID: 68583
http://www.securityfocus.com/bid/68583
XForce ISS Database: oracle-cpujul2014-cve20144218(94599)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94599
Common Vulnerability Exposure (CVE) ID: CVE-2014-4219
BugTraq ID: 68620
http://www.securityfocus.com/bid/68620
XForce ISS Database: oracle-cpujul2014-cve20144219(94589)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94589
Common Vulnerability Exposure (CVE) ID: CVE-2014-4244
BugTraq ID: 68624
http://www.securityfocus.com/bid/68624
http://secunia.com/advisories/58830
http://secunia.com/advisories/59503
http://secunia.com/advisories/60002
http://secunia.com/advisories/60031
http://secunia.com/advisories/60032
http://secunia.com/advisories/60326
http://secunia.com/advisories/60335
http://secunia.com/advisories/60497
http://secunia.com/advisories/60831
http://secunia.com/advisories/60846
http://secunia.com/advisories/60890
http://secunia.com/advisories/61050
http://secunia.com/advisories/61215
http://secunia.com/advisories/61254
http://secunia.com/advisories/61264
http://secunia.com/advisories/61278
http://secunia.com/advisories/61293
http://secunia.com/advisories/61294
http://secunia.com/advisories/61417
http://secunia.com/advisories/61469
http://secunia.com/advisories/61846
http://secunia.com/advisories/62314
XForce ISS Database: oracle-cpujul2014-cve20144244(94605)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94605
Common Vulnerability Exposure (CVE) ID: CVE-2014-4252
BugTraq ID: 68642
http://www.securityfocus.com/bid/68642
XForce ISS Database: oracle-cpujul2014-cve20144252(94600)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94600
Common Vulnerability Exposure (CVE) ID: CVE-2014-4262
BugTraq ID: 68599
http://www.securityfocus.com/bid/68599
XForce ISS Database: oracle-cpujul2014-cve20144262(94595)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94595
Common Vulnerability Exposure (CVE) ID: CVE-2014-4263
BugTraq ID: 68636
http://www.securityfocus.com/bid/68636
http://secunia.com/advisories/60180
http://secunia.com/advisories/60839
http://secunia.com/advisories/62319
XForce ISS Database: oracle-cpujul2014-cve20144263(94606)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94606
Common Vulnerability Exposure (CVE) ID: CVE-2014-4266
BugTraq ID: 68596
http://www.securityfocus.com/bid/68596
XForce ISS Database: oracle-cpujul2014-cve20144266(94601)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94601
Copyright: Copyright (C) 2015 Greenbone AG
