| Description: | Summary:
The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the ELSA-2011-0857 advisory.
Vulnerability Insight:
[1:1.6.0.0-1.22.1.9.8.0.1.el5_6]
- Add oracle-enterprise.patch
[1:1.6.0.0-1.22.1.9.8]
- Resolves: rhbz#668488
- Bumped to IcedTea6 1.9.8
- RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent
disabled get still selected for read ops (win)
- RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization
- RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in
FileDialog.show()
- RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D
code
- RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal
bindings
- RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ
- RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ
- RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image
with scale close to zero
- RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc
- RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address
size variables
[1:1.6.0.0-1.22.1.9.7]
- Resolves bz690289
- Import from RHEL-5_6-Z
- Updated to IcedTea6 1.9.7
- Removed all plugin/webstart related commented lines
- Modified bz entry format in previous logs to get around cvs ack checking bug
Affected Software/OS:
'java-1.6.0-openjdk' package(s) on Oracle Linux 5.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
