Test ID: | 1.3.6.1.4.1.25623.1.0.59015 |
Category: | Slackware Local Security Checks |
Title: | Slackware: Security Advisory (SSA:2007-243-01) |
Summary: | The remote host is missing an update for the 'java' package(s) announced via the SSA:2007-243-01 advisory. |
Description: |
Summary: The remote host is missing an update for the 'java' package(s) announced via the SSA:2007-243-01 advisory.

Vulnerability Insight: Sun has released security advisories pertaining to both the Java Runtime Environment and the Standard Edition Development Kit.

One such advisory may be found here: [link moved to references]

Updated versions of both the jre and jdk packages are provided which address all known flaws in Java(TM) at this time. There may be more advisories on [link moved to references] describing other flaws that are patched with this update. Happy hunting!

Slackware repackages Sun's Java(TM) binaries without changing them, so the packages from Slackware 12.0 should work on all glibc based Slackware versions.

Here are the details from the Slackware 12.0 ChangeLog:

+--------------------------+
Fri Aug 31 13:33:54 CDT 2007

patches/packages/jre-6u2-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 6.0 update 2. This update addresses code errors which could possibly be leveraged to compromise system security, though we know of no existing exploits. This update consists of the official Java(TM) binaries repackaged in Slackware's package format, and may be used on any version of Slackware that is based on glibc. For more information, see: [link moved to references] (* Security fix *)

An additional change was made to the script that Slackware uses to set environment variables for Java(TM). Now, after the $JAVA_HOME variable is set, the next variable settings make use of it, rather than hard-coding the path to $JAVA_HOME. This does not fix a bug, but is certainly better scripting style. Thanks to Jason Byrne and Jean-Christophe Fargette for suggesting this change.

extra/jdk-6/jdk-6u2-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 6.0 update 2. This update addresses code errors which could possibly be leveraged to compromise system security, though we know of no existing exploits. This update consists of the official Java(TM) binaries repackaged in Slackware's package format, and may be used on any version of Slackware that is based on glibc. For more information, see: [link moved to references] (* Security fix *)

An additional change was made to the script that Slackware uses to set environment variables for Java(TM). Now, after the $JAVA_HOME variable is set, the next variable settings make use of it, rather than hard-coding the path to $JAVA_HOME. This does not fix a bug, but is certainly better scripting style. Thanks to Jason Byrne and Jean-Christophe Fargette for suggesting this change.
+--------------------------+

Affected Software/OS: 'java' package(s) on Slackware 12.0.

Solution: Please install the updated package(s).

CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-3922
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://dev2dev.bea.com/pub/advisory/248
BugTraq ID: 25054
http://www.securityfocus.com/bid/25054
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
HPdes Security Advisory: HPSBMA02288
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450
HPdes Security Advisory: SSRT071465
http://docs.info.apple.com/article.html?artnum=307177
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387
http://www.redhat.com/support/errata/RHSA-2007-0818.html
http://www.redhat.com/support/errata/RHSA-2007-0829.html
http://www.redhat.com/support/errata/RHSA-2008-0133.html
http://www.securitytracker.com/id?1018428
http://secunia.com/advisories/26314
http://secunia.com/advisories/26369
http://secunia.com/advisories/26631
http://secunia.com/advisories/26645
http://secunia.com/advisories/26933
http://secunia.com/advisories/27266
http://secunia.com/advisories/27635
http://secunia.com/advisories/28115
http://secunia.com/advisories/30805
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.486841
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1
SuSE Security Announcement: SUSE-SA:2007:056 (Google Search)
http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html
http://www.vupen.com/english/advisories/2007/2573
http://www.vupen.com/english/advisories/2007/3009
http://www.vupen.com/english/advisories/2007/3861
http://www.vupen.com/english/advisories/2007/4224
XForce ISS Database: sun-java-class-unauthorized-access(35491)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35491 |
Copyright | Copyright (C) 2012 Greenbone AG |