Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.72489
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2012:1385
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2012:1385.

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple improper permission check issues were discovered in the Beans,
Swing, and JMX components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)

Multiple improper permission check issues were discovered in the Scripting,
JMX, Concurrency, Libraries, and Security components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,
CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)

It was discovered that java.util.ServiceLoader could create an instance of
an incompatible class while performing provider lookup. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2012-5079)

It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS
implementation did not properly handle handshake records containing an
overly large data length value. An unauthenticated, remote attacker could
possibly use this flaw to cause an SSL/TLS server to terminate with an
exception. (CVE-2012-5081)

It was discovered that the JMX component in OpenJDK could perform certain
actions in an insecure manner. An untrusted Java application or applet
could possibly use this flaw to disclose sensitive information.
(CVE-2012-5075)

A bug in the Java HotSpot Virtual Machine optimization code could cause it
to not perform array initialization in certain cases. An untrusted Java
application or applet could use this flaw to disclose portions of the
virtual machine's memory. (CVE-2012-4416)

It was discovered that the SecureRandom class did not properly protect
against the creation of multiple seeders. An untrusted Java application or
applet could possibly use this flaw to disclose sensitive information.
(CVE-2012-5077)

It was discovered that the java.io.FilePermission class exposed the hash
code of the canonicalized path name. An untrusted Java application or
applet could possibly use this flaw to determine certain system paths, such
as the current working directory. (CVE-2012-3216)

This update disables Gopher protocol support in the java.net package by
default. Gopher support can be enabled by setting the newly introduced
property, jdk.net.registerGopherProtocol, to true. (CVE-2012-5085)

This erratum also upgrades the OpenJDK package to IcedTea6 1.10.10. Refer
to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2012-1385.html
http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.10/NEWS
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-3216
BugTraq ID: 56075
http://www.securityfocus.com/bid/56075
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBOV02833
http://marc.info/?l=bugtraq&m=135758563611658&w=2
HPdes Security Advisory: HPSBUX02832
http://marc.info/?l=bugtraq&m=135542848327757&w=2
HPdes Security Advisory: SSRT101042
HPdes Security Advisory: SSRT101043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16538
RedHat Security Advisories: RHSA-2012:1385
http://rhn.redhat.com/errata/RHSA-2012-1385.html
RedHat Security Advisories: RHSA-2012:1386
http://rhn.redhat.com/errata/RHSA-2012-1386.html
RedHat Security Advisories: RHSA-2012:1391
http://rhn.redhat.com/errata/RHSA-2012-1391.html
RedHat Security Advisories: RHSA-2012:1392
http://rhn.redhat.com/errata/RHSA-2012-1392.html
RedHat Security Advisories: RHSA-2012:1465
http://rhn.redhat.com/errata/RHSA-2012-1465.html
RedHat Security Advisories: RHSA-2012:1466
http://rhn.redhat.com/errata/RHSA-2012-1466.html
RedHat Security Advisories: RHSA-2012:1467
http://rhn.redhat.com/errata/RHSA-2012-1467.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
RedHat Security Advisories: RHSA-2013:1456
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://secunia.com/advisories/51028
http://secunia.com/advisories/51029
http://secunia.com/advisories/51141
http://secunia.com/advisories/51166
http://secunia.com/advisories/51313
http://secunia.com/advisories/51315
http://secunia.com/advisories/51326
http://secunia.com/advisories/51327
http://secunia.com/advisories/51328
http://secunia.com/advisories/51390
http://secunia.com/advisories/51393
http://secunia.com/advisories/51438
SuSE Security Announcement: SUSE-SU-2012:1398 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
SuSE Security Announcement: SUSE-SU-2012:1489 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html
SuSE Security Announcement: SUSE-SU-2012:1490 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html
SuSE Security Announcement: SUSE-SU-2012:1595 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html
SuSE Security Announcement: openSUSE-SU-2012:1423 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-4416
BugTraq ID: 55501
http://www.securityfocus.com/bid/55501
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16623
Common Vulnerability Exposure (CVE) ID: CVE-2012-5068
BugTraq ID: 56076
http://www.securityfocus.com/bid/56076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16533
XForce ISS Database: javaruntimeenvironment-lib-cve20125068(79425)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79425
Common Vulnerability Exposure (CVE) ID: CVE-2012-5069
BugTraq ID: 56065
http://www.securityfocus.com/bid/56065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16685
XForce ISS Database: javaruntimeenvironment-cc-cve20125069(79428)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79428
Common Vulnerability Exposure (CVE) ID: CVE-2012-5071
BugTraq ID: 56061
http://www.securityfocus.com/bid/56061
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16227
XForce ISS Database: javaruntimeenvironment-jmx-cve20125071(79427)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79427
Common Vulnerability Exposure (CVE) ID: CVE-2012-5072
BugTraq ID: 56083
http://www.securityfocus.com/bid/56083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16522
XForce ISS Database: javaruntimeenvironment-security-info-disc(79434)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79434
Common Vulnerability Exposure (CVE) ID: CVE-2012-5073
BugTraq ID: 56080
http://www.securityfocus.com/bid/56080
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16466
XForce ISS Database: javaruntimeenvironment-lib-cve20125073(79432)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79432
Common Vulnerability Exposure (CVE) ID: CVE-2012-5075
BugTraq ID: 56081
http://www.securityfocus.com/bid/56081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16684
XForce ISS Database: javaruntimeenvironment-comjmx-info-disc(79431)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79431
Common Vulnerability Exposure (CVE) ID: CVE-2012-5077
BugTraq ID: 56058
http://www.securityfocus.com/bid/56058
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16585
XForce ISS Database: javaruntimeenvironment-sec-info-disc(79437)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79437
Common Vulnerability Exposure (CVE) ID: CVE-2012-5079
BugTraq ID: 56082
http://www.securityfocus.com/bid/56082
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16602
XForce ISS Database: javaruntimeenvironment-lib-cve20125079(79433)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79433
Common Vulnerability Exposure (CVE) ID: CVE-2012-5081
BugTraq ID: 56071
http://www.securityfocus.com/bid/56071
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16043
Common Vulnerability Exposure (CVE) ID: CVE-2012-5084
BugTraq ID: 56063
http://www.securityfocus.com/bid/56063
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16553
XForce ISS Database: javaruntimeenvironment-swing-cve20125084(79423)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79423
Common Vulnerability Exposure (CVE) ID: CVE-2012-5085
BugTraq ID: 56067
http://www.securityfocus.com/bid/56067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16654
Common Vulnerability Exposure (CVE) ID: CVE-2012-5086
BugTraq ID: 56039
http://www.securityfocus.com/bid/56039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16387
XForce ISS Database: javaruntimeenvironment-beans-cve20125086(79414)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79414
Common Vulnerability Exposure (CVE) ID: CVE-2012-5089
BugTraq ID: 56059
http://www.securityfocus.com/bid/56059
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16506
XForce ISS Database: javaruntimeenvironment-jmx-cve20125089(79422)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79422
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.