Test ID: | 1.3.6.1.4.1.25623.1.0.123679 |
Category: | Oracle Linux Local Security Checks |
Title: | Oracle: Security Advisory (ELSA-2013-0602) |
Summary: | The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ELSA-2013-0602 advisory. |
Description: |
Summary: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ELSA-2013-0602 advisory.

Vulnerability Insight:

[1.7.0.9-2.3.8.0.0.1.el6_4]
- Update DISTRO_NAME in specfile

[1.7.0.9-2.3.8.0el6]
- Revert to rhel 6.3 version of spec file
- Revert to icedtea7 2.3.8 forest
- Resolves: rhbz#917183

[1.7.0.11-2.4.0.pre5.el6]
- Update to latest snapshot of icedtea7 2.4 forest
- Resolves: rhbz#917183

[1.7.0.9-2.4.0.pre4.3.el6]
- Updated to icedtea 2.4.0.pre4,
- Rewritten (again) patch3 java-1.7.0-openjdk-java-access-bridge-security.patch
- Resolves: rhbz#911530

[1.7.0.9-2.4.0.pre3.3.el6]
- Updated to icedtea 2.4.0.pre3, updated!
- Rewritten patch3 java-1.7.0-openjdk-java-access-bridge-security.patch
- Resolves: rhbz#911530

[1.7.0.9-2.4.0.pre2.3.el6]
- Removed testing
- mauve was outdated and
- jtreg was icedtea relict
- Updated to icedtea 2.4.0.pre2, updated?
- Added java -Xshare:dump to post (see 513605) for jitarchs
- Resolves: rhbz#911530

[1.7.0.11-2.4.0.2.el6]
- Unapplied but kept (for 2.3revert) patch110, java-1.7.0-openjdk-nss-icedtea-e9c857dcb964.patch
- Added and applied patch113: java-1.7.0-openjdk-aes-update_reset.patch
- Added and applied patch114: java-1.7.0-openjdk-nss-tck.patch
- Added and applied patch115: java-1.7.0-openjdk-nss-split_results.patch
- NSS enabled by default - enable_nss set to 1
- rewritten patch109 - java-1.7.0-openjdk-nss-config-1.patch
- rewritten patch111 - java-1.7.0-openjdk-nss-config-2.patch
- Resolves: rhbz#831734

[1.7.0.11-2.4.0.1.el6]
- Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch
- Added jxmd and idlj to alternatives
- make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true
- Unapplied patch302 and deleted systemtap.patch
- buildver increased to 11
- icedtea_version set to 2.4.0
- Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch
- removed tmp-patches source tarball
- Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar
- Disabled nss - enable_nss set to 0
- Resolves: rhbz#895034

Affected Software/OS: 'java-1.7.0-openjdk' package(s) on Oracle Linux 6.

Solution: Please install the updated package(s).

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-0809
- BugTraq ID: 58296 http://www.securityfocus.com/bid/58296
- Cert/CC Advisory: TA13-064A http://www.us-cert.gov/ncas/alerts/TA13-064A
- CERT/CC vulnerability note: VU#688246 http://www.kb.cert.org/vuls/id/688246
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- HPdes Security Advisory: HPSBUX02857 http://marc.info/?l=bugtraq&m=136439120408139&w=2
- HPdes Security Advisory: HPSBUX02864 http://marc.info/?l=bugtraq&m=136570436423916&w=2
- HPdes Security Advisory: SSRT101103
- HPdes Security Advisory: SSRT101156
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19076
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19320
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19479
- RedHat Security Advisories: RHSA-2013:0601 http://rhn.redhat.com/errata/RHSA-2013-0601.html
- RedHat Security Advisories: RHSA-2013:0603 http://rhn.redhat.com/errata/RHSA-2013-0603.html
- RedHat Security Advisories: RHSA-2013:0604 http://rhn.redhat.com/errata/RHSA-2013-0604.html
- RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html
- RedHat Security Advisories: RHSA-2013:1456 http://rhn.redhat.com/errata/RHSA-2013-1456.html
- SuSE Security Announcement: SUSE-SU-2013:0434 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html
- SuSE Security Announcement: SUSE-SU-2013:0701 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html
- SuSE Security Announcement: openSUSE-SU-2013:0430 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html
- SuSE Security Announcement: openSUSE-SU-2013:0438 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html
- http://www.ubuntu.com/usn/USN-1755-2

Common Vulnerability Exposure (CVE) ID: CVE-2013-1493
- BugTraq ID: 58238 http://www.securityfocus.com/bid/58238
- http://www.exploit-db.com/exploits/24904
- HPdes Security Advisory: HPSBMU02964 http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04117626-1
- http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html
- http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident
- https://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-breach/
- https://twitter.com/jduck1337/status/307629902574800897
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19246
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19477
- http://www.securitytracker.com/id/1029803 |
Copyright | Copyright (C) 2015 Greenbone AG |