Test ID:	1.3.6.1.4.1.25623.1.0.68998
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2161-2)
Summary:	The remote host is missing an update for the Debian 'openjdk-6' package(s) announced via the DSA-2161-2 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'openjdk-6' package(s) announced via the DSA-2161-2 advisory. Vulnerability Insight: It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack. For the oldstable distribution (lenny), this problem will be fixed in version 6b18-1.8.3-2~ lenny1. For technical reasons, this update will be released separately. For the stable distribution (squeeze), this problem has been fixed in version 6b18-1.8.3-2+squeeze1. For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your openjdk-6 packages. Affected Software/OS: 'openjdk-6' package(s) on Debian 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4476 AIX APAR: IZ94423 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423 AIX APAR: PM31983 http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983 Debian Security Information: DSA-2161 (Google Search) http://www.debian.org/security/2011/dsa-2161 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBMA02642 http://marc.info/?l=bugtraq&m=130514352726432&w=2 HPdes Security Advisory: HPSBMU02690 http://marc.info/?l=bugtraq&m=131041767210772&w=2 HPdes Security Advisory: HPSBMU02797 http://marc.info/?l=bugtraq&m=134254957702612&w=2 HPdes Security Advisory: HPSBMU02799 http://marc.info/?l=bugtraq&m=134254866602253&w=2 HPdes Security Advisory: HPSBNS02633 http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475 HPdes Security Advisory: HPSBOV02634 http://marc.info/?l=bugtraq&m=130497132406206&w=2 HPdes Security Advisory: HPSBOV02762 http://marc.info/?l=bugtraq&m=133469267822771&w=2 HPdes Security Advisory: HPSBTU02684 http://marc.info/?l=bugtraq&m=130497185606818&w=2 HPdes Security Advisory: HPSBUX02633 http://marc.info/?l=bugtraq&m=129899347607632&w=2 HPdes Security Advisory: HPSBUX02641 http://marc.info/?l=bugtraq&m=129960314701922&w=2 HPdes Security Advisory: HPSBUX02642 http://marc.info/?l=bugtraq&m=130270785502599&w=2 HPdes Security Advisory: HPSBUX02645 http://marc.info/?l=bugtraq&m=130168502603566&w=2 HPdes Security Advisory: HPSBUX02725 http://marc.info/?l=bugtraq&m=132215163318824&w=2 HPdes Security Advisory: HPSBUX02777 http://marc.info/?l=bugtraq&m=133728004526190&w=2 HPdes Security Advisory: HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 HPdes Security Advisory: SSRT100387 HPdes Security Advisory: SSRT100390 HPdes Security Advisory: SSRT100412 HPdes Security Advisory: SSRT100415 HPdes Security Advisory: SSRT100569 HPdes Security Advisory: SSRT100627 HPdes Security Advisory: SSRT100825 HPdes Security Advisory: SSRT100854 HPdes Security Advisory: SSRT100867 HPdes Security Advisory: SSRT101146 http://www.mandriva.com/security/advisories?name=MDVSA-2011:054 http://blog.fortify.com/blog/2011/02/08/Double-Trouble http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12662 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12745 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14328 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14589 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19493 http://www.redhat.com/support/errata/RHSA-2011-0210.html http://www.redhat.com/support/errata/RHSA-2011-0211.html http://www.redhat.com/support/errata/RHSA-2011-0212.html http://www.redhat.com/support/errata/RHSA-2011-0213.html http://www.redhat.com/support/errata/RHSA-2011-0214.html http://www.redhat.com/support/errata/RHSA-2011-0282.html http://www.redhat.com/support/errata/RHSA-2011-0333.html http://www.redhat.com/support/errata/RHSA-2011-0334.html http://www.redhat.com/support/errata/RHSA-2011-0880.html http://www.securitytracker.com/id?1025062 http://secunia.com/advisories/43048 http://secunia.com/advisories/43280 http://secunia.com/advisories/43295 http://secunia.com/advisories/43304 http://secunia.com/advisories/43333 http://secunia.com/advisories/43378 http://secunia.com/advisories/43400 http://secunia.com/advisories/43659 http://secunia.com/advisories/44954 http://secunia.com/advisories/45022 http://secunia.com/advisories/45555 http://secunia.com/advisories/49198 SuSE Security Announcement: SUSE-SA:2011:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html SuSE Security Announcement: SUSE-SU-2011:0823 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html http://www.vupen.com/english/advisories/2011/0365 http://www.vupen.com/english/advisories/2011/0377 http://www.vupen.com/english/advisories/2011/0379 http://www.vupen.com/english/advisories/2011/0422 http://www.vupen.com/english/advisories/2011/0434 http://www.vupen.com/english/advisories/2011/0605
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.