Description: The remote host is missing an update to java-1.6.0-openjdk announced via advisory FEDORA-2010-16294.
The OpenJDK runtime environment.
References:
[ 1 ] Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
      https://bugzilla.redhat.com/show_bug.cgi?id=533125
[ 2 ] Bug #642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)
      https://bugzilla.redhat.com/show_bug.cgi?id=642202
[ 3 ] Bug #639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564)
      https://bugzilla.redhat.com/show_bug.cgi?id=639909
[ 4 ] Bug #642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017)
      https://bugzilla.redhat.com/show_bug.cgi?id=642180
[ 5 ] Bug #642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603)
      https://bugzilla.redhat.com/show_bug.cgi?id=642187
[ 6 ] Bug #642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002)
      https://bugzilla.redhat.com/show_bug.cgi?id=642167
[ 7 ] Bug #639880 - CVE-2010-3554 CVE-2010-3561 OpenJDK corba reflection vulnerabilities (6891766,6925672)
      https://bugzilla.redhat.com/show_bug.cgi?id=639880
[ 8 ] Bug #639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813)
      https://bugzilla.redhat.com/show_bug.cgi?id=639904
[ 9 ] Bug #639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710)
      https://bugzilla.redhat.com/show_bug.cgi?id=639897
[ 10 ] Bug #639914 - CVE-2010-3564 OpenJDK kerberos vulnerability (6958060)
      https://bugzilla.redhat.com/show_bug.cgi?id=639914
[ 11 ] Bug #639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023)
      https://bugzilla.redhat.com/show_bug.cgi?id=639920
[ 12 ] Bug #642197 - CVE-2010-3567 OpenJDK ICU Opentype layout engine crash (6963285)
      https://bugzilla.redhat.com/show_bug.cgi?id=642197
[ 13 ] Bug #639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775)
      https://bugzilla.redhat.com/show_bug.cgi?id=639876
[ 14 ] Bug #639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692)
      https://bugzilla.redhat.com/show_bug.cgi?id=639925
[ 15 ] Bug #642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)
      https://bugzilla.redhat.com/show_bug.cgi?id=642215
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update java-1.6.0-openjdk' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2010-16294
Risk factor : Critical
CVSS Score: 10.0