English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.70400
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-2311-1)
Summary:The remote host is missing an update for the Debian 'openjdk-6' package(s) announced via the DSA-2311-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'openjdk-6' package(s) announced via the DSA-2311-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-0862

Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.

CVE-2011-0864

Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.

CVE-2011-0865

A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.

CVE-2011-0867

Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)

CVE-2011-0868

A float-to-long conversion could overflow, allowing untrusted code (including applets) to crash the virtual machine.

CVE-2011-0869

Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.

CVE-2011-0871

Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.

In addition, this update removes support for the Zero/Shark and Cacao Hotspot variants from the i386 and amd64 due to stability issues. These Hotspot variants are included in the openjdk-6-jre-zero and icedtea-6-jre-cacao packages, and these packages must be removed during this update.

For the oldstable distribution (lenny), these problems will be fixed in a separate DSA for technical reasons.

For the stable distribution (squeeze), these problems have been fixed in version 6b18-1.8.9-0.1~
squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 6b18-1.8.9-0.1.

We recommend that you upgrade your openjdk-6 packages.

Affected Software/OS:
'openjdk-6' package(s) on Debian 6.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-0862
Cert/CC Advisory: TA11-201A
http://www.us-cert.gov/cas/techalerts/TA11-201A.html
Debian Security Information: DSA-2311 (Google Search)
http://www.debian.org/security/2011/dsa-2311
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBMU02797
http://marc.info/?l=bugtraq&m=134254957702612&w=2
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
HPdes Security Advisory: HPSBUX02697
http://marc.info/?l=bugtraq&m=132439520301822&w=2
HPdes Security Advisory: HPSBUX02777
http://marc.info/?l=bugtraq&m=133728004526190&w=2
HPdes Security Advisory: SSRT100591
HPdes Security Advisory: SSRT100854
HPdes Security Advisory: SSRT100867
http://www.mandriva.com/security/advisories?name=MDVSA-2011:126
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13317
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14541
http://www.redhat.com/support/errata/RHSA-2011-0856.html
http://www.redhat.com/support/errata/RHSA-2011-0857.html
http://www.redhat.com/support/errata/RHSA-2011-0860.html
http://www.redhat.com/support/errata/RHSA-2011-0938.html
http://www.redhat.com/support/errata/RHSA-2011-1087.html
http://www.redhat.com/support/errata/RHSA-2011-1159.html
http://www.redhat.com/support/errata/RHSA-2011-1265.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://secunia.com/advisories/44818
http://secunia.com/advisories/44930
http://secunia.com/advisories/49198
SuSE Security Announcement: SUSE-SA:2011:030 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html
SuSE Security Announcement: SUSE-SA:2011:032 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html
SuSE Security Announcement: SUSE-SA:2011:036 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html
SuSE Security Announcement: SUSE-SU-2011:0807 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html
SuSE Security Announcement: SUSE-SU-2011:0863 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html
SuSE Security Announcement: SUSE-SU-2011:0966 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html
SuSE Security Announcement: openSUSE-SU-2011:0633 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-0864
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14632
Common Vulnerability Exposure (CVE) ID: CVE-2011-0865
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14463
Common Vulnerability Exposure (CVE) ID: CVE-2011-0867
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14240
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14693
Common Vulnerability Exposure (CVE) ID: CVE-2011-0868
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14264
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14827
Common Vulnerability Exposure (CVE) ID: CVE-2011-0869
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14338
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14644
Common Vulnerability Exposure (CVE) ID: CVE-2011-0871
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14112
CopyrightCopyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.