
Test ID: 1.3.6.1.4.1.25623.1.0.69351
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-1079-2 (openjdk-6b18)
Summary: Ubuntu USN-1079-2 (openjdk-6b18)
Description: The remote host is missing an update to openjdk-6b18
announced via advisory USN-1079-2.

Details follow:

USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM)
architectures. This update provides the corresponding updates for
OpenJDK 6 for use with the armel (ARM) architectures.

In order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04
LTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu
10.04 LTS updates.

Original advisory details:

It was discovered that untrusted Java applets could create domain
name resolution cache entries, allowing an attacker to manipulate
name resolution within the JVM. (CVE-2010-4448)

It was discovered that the Java launcher did not properly
set up the LD_LIBRARY_PATH environment variable. A local attacker
could exploit this to execute arbitrary code as the user invoking
the program. (CVE-2010-4450)

It was discovered that within the Swing library, forged timer events
could allow bypass of SecurityManager checks. This could allow an
attacker to access restricted resources. (CVE-2010-4465)

It was discovered that certain bytecode combinations confused memory
management within the HotSpot JVM. This could allow an attacker to
cause a denial of service through an application crash or possibly
inject code. (CVE-2010-4469)

It was discovered that the way JAXP components were handled
allowed them to be manipulated by untrusted applets. An attacker
could use this to bypass XML processing restrictions and elevate
privileges. (CVE-2010-4470)

It was discovered that the Java2D subcomponent, when processing broken
CFF fonts, could leak system properties. (CVE-2010-4471)

It was discovered that a flaw in the XML Digital Signature
component could allow an attacker to cause untrusted code to
replace the XML Digital Signature Transform or C14N algorithm
implementations. (CVE-2010-4472)

Konstantin Preier and others discovered that specific double literals
were improperly handled, allowing a remote attacker to cause a denial
of service. (CVE-2010-4476)

It was discovered that the JNLPClassLoader class when handling multiple
signatures allowed remote attackers to gain privileges due to the
assignment of an inappropriate security descriptor. (CVE-2011-0706)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
icedtea6-plugin 6b18-1.8.7-0ubuntu1~9.10.1
openjdk-6-jre 6b18-1.8.7-0ubuntu1~9.10.1
openjdk-6-jre-headless 6b18-1.8.7-0ubuntu1~9.10.1

Ubuntu 10.04 LTS:
icedtea6-plugin 6b18-1.8.7-0ubuntu1~10.04.2
openjdk-6-jre 6b18-1.8.7-0ubuntu1~10.04.2
openjdk-6-jre-headless 6b18-1.8.7-0ubuntu1~10.04.2

After a standard system update you need to restart any Java services,
applications or applets to make all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1079-2

Risk factor: Critical

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2010-4448
Debian Security Information: DSA-2224
http://www.debian.org/security/2011/dsa-2224
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
http://www.redhat.com/support/errata/RHSA-2011-0281.html
http://www.redhat.com/support/errata/RHSA-2011-0282.html
http://www.redhat.com/support/errata/RHSA-2011-0880.html
SuSE Security Announcement: SUSE-SA:2011:024
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html
SuSE Security Announcement: SUSE-SU-2011:0823
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12906
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14045
http://secunia.com/advisories/43350
http://secunia.com/advisories/44954
http://secunia.com/advisories/49198
Common Vulnerability Exposure (CVE) ID: CVE-2010-4450
BugTraq ID: 46397
http://www.securityfocus.com/bid/46397
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12420
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14135
XForce ISS Database: oracle-java-launcher-code-exec(65406)
http://xforce.iss.net/xforce/xfdb/65406
Common Vulnerability Exposure (CVE) ID: CVE-2010-4465
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12925
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14034
Common Vulnerability Exposure (CVE) ID: CVE-2010-4469
BugTraq ID: 46400
http://www.securityfocus.com/bid/46400
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12833
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13639
XForce ISS Database: oracle-hotspot-code-exec(65399)
http://xforce.iss.net/xforce/xfdb/65399
Common Vulnerability Exposure (CVE) ID: CVE-2010-4470
BugTraq ID: 46387
http://www.securityfocus.com/bid/46387
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12887
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14076
XForce ISS Database: oracle-runtime-dos(65404)
http://xforce.iss.net/xforce/xfdb/65404
Common Vulnerability Exposure (CVE) ID: CVE-2010-4471
BugTraq ID: 46399
http://www.securityfocus.com/bid/46399
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12089
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14417
XForce ISS Database: oracle-runtime-information-disclosure(65405)
http://xforce.iss.net/xforce/xfdb/65405
Common Vulnerability Exposure (CVE) ID: CVE-2010-4472
BugTraq ID: 46404
http://www.securityfocus.com/bid/46404
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12903
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14118
XForce ISS Database: oracle-java-xml-dos(65411)
http://xforce.iss.net/xforce/xfdb/65411
Common Vulnerability Exposure (CVE) ID: CVE-2010-4476
http://blog.fortify.com/blog/2011/02/08/Double-Trouble
http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
AIX APAR: IZ94423
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423
AIX APAR: PM31983
http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983
Debian Security Information: DSA-2161
http://www.debian.org/security/2011/dsa-2161
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html
HPdes Security Advisory: HPSBNS02633
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475
HPdes Security Advisory: SSRT100390
HPdes Security Advisory: HPSBMA02642
http://marc.info/?l=bugtraq&m=130514352726432&w=2
HPdes Security Advisory: HPSBMU02690
http://marc.info/?l=bugtraq&m=131041767210772&w=2
HPdes Security Advisory: SSRT100415
HPdes Security Advisory: SSRT100569
HPdes Security Advisory: HPSBUX02641
http://marc.info/?l=bugtraq&m=129960314701922&w=2
HPdes Security Advisory: SSRT100412
HPdes Security Advisory: HPSBUX02725
http://marc.info/?l=bugtraq&m=132215163318824&w=2
HPdes Security Advisory: SSRT100627
HPdes Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HPdes Security Advisory: SSRT101146
http://www.redhat.com/support/errata/RHSA-2011-0210.html
http://www.redhat.com/support/errata/RHSA-2011-0211.html
http://www.redhat.com/support/errata/RHSA-2011-0212.html
http://www.redhat.com/support/errata/RHSA-2011-0213.html
http://www.redhat.com/support/errata/RHSA-2011-0214.html
http://www.redhat.com/support/errata/RHSA-2011-0333.html
http://www.redhat.com/support/errata/RHSA-2011-0334.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12662
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12745
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14328
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14589
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:19493
http://www.securitytracker.com/id?1025062
http://secunia.com/advisories/43048
http://secunia.com/advisories/43280
http://secunia.com/advisories/43295
http://secunia.com/advisories/43304
http://secunia.com/advisories/43333
http://secunia.com/advisories/43378
http://secunia.com/advisories/43400
http://secunia.com/advisories/45555
http://secunia.com/advisories/43659
http://secunia.com/advisories/45022
http://www.vupen.com/english/advisories/2011/0365
http://www.vupen.com/english/advisories/2011/0377
http://www.vupen.com/english/advisories/2011/0379
http://www.vupen.com/english/advisories/2011/0422
http://www.vupen.com/english/advisories/2011/0434
http://www.vupen.com/english/advisories/2011/0605
Common Vulnerability Exposure (CVE) ID: CVE-2011-0706
https://bugzilla.redhat.com/show_bug.cgi?id=677332
BugTraq ID: 46439
http://www.securityfocus.com/bid/46439
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14117
XForce ISS Database: icedtea-jnlpclassloader-priv-esc(65534)
http://xforce.iss.net/xforce/xfdb/65534
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
