Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870649
Category:Red Hat Local Security Checks
Title:RedHat Update for java-1.6.0-openjdk RHSA-2012:0135-01
Summary:The remote host is missing an update for the 'java-1.6.0-openjdk'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'java-1.6.0-openjdk'
package(s) announced via the referenced advisory.

Vulnerability Insight:
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

It was discovered that Java2D did not properly check graphics rendering
objects before passing them to the native renderer. Malicious input, or an
untrusted Java application or applet could use this flaw to crash the Java
Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)

It was discovered that the exception thrown on deserialization failure did
not always contain a proper identification of the cause of the failure. An
untrusted Java application or applet could use this flaw to bypass Java
sandbox restrictions. (CVE-2012-0505)

The AtomicReferenceArray class implementation did not properly check if
the array was of the expected Object[] type. A malicious Java application
or applet could use this flaw to bypass Java sandbox restrictions.
(CVE-2011-3571)

It was discovered that the use of TimeZone.setDefault() was not restricted
by the SecurityManager, allowing an untrusted Java application or applet to
set a new default time zone, and hence bypass Java sandbox restrictions.
(CVE-2012-0503)

The HttpServer class did not limit the number of headers read from HTTP
requests. A remote attacker could use this flaw to make an application
using HttpServer use an excessive amount of CPU time via a
specially-crafted request. This update introduces a header count limit
controlled using the sun.net.httpserver.maxReqHeaders property. The default
value is 200. (CVE-2011-5035)

The Java Sound component did not properly check buffer boundaries.
Malicious input, or an untrusted Java application or applet could use this
flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion
of its memory. (CVE-2011-3563)

A flaw was found in the AWT KeyboardFocusManager that could allow an
untrusted Java application or applet to acquire keyboard focus and possibly
steal sensitive information. (CVE-2012-0502)

It was discovered that the CORBA (Common Object Request Broker
Architecture) implementation in Java did not properly protect repository
identifiers on certain CORBA objects. This could have been used to modify
immutable object data. (CVE-2012-0506)

An off-by-one flaw, causing a stack overflow, was found in the unpacker for
ZIP files. A specially-crafted ZIP archive could cause the Java Virtual
Machine (JVM) to crash when opened. (CVE-2012-0501)

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
java-1.6.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3563
BugTraq ID: 52012
http://www.securityfocus.com/bid/52012
Debian Security Information: DSA-2420 (Google Search)
http://www.debian.org/security/2012/dsa-2420
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBMU02797
http://marc.info/?l=bugtraq&m=134254957702612&w=2
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
HPdes Security Advisory: HPSBUX02757
http://marc.info/?l=bugtraq&m=133364885411663&w=2
HPdes Security Advisory: HPSBUX02760
http://marc.info/?l=bugtraq&m=133365109612558&w=2
HPdes Security Advisory: HPSBUX02777
http://marc.info/?l=bugtraq&m=133728004526190&w=2
HPdes Security Advisory: HPSBUX02784
http://marc.info/?l=bugtraq&m=133847939902305&w=2
HPdes Security Advisory: SSRT100779
HPdes Security Advisory: SSRT100805
HPdes Security Advisory: SSRT100854
HPdes Security Advisory: SSRT100867
HPdes Security Advisory: SSRT100871
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14942
RedHat Security Advisories: RHSA-2012:0508
http://rhn.redhat.com/errata/RHSA-2012-0508.html
RedHat Security Advisories: RHSA-2012:0514
http://rhn.redhat.com/errata/RHSA-2012-0514.html
RedHat Security Advisories: RHSA-2012:0702
http://rhn.redhat.com/errata/RHSA-2012-0702.html
RedHat Security Advisories: RHSA-2012:1080
http://rhn.redhat.com/errata/RHSA-2012-1080.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://secunia.com/advisories/48073
http://secunia.com/advisories/48074
http://secunia.com/advisories/48589
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/48950
http://secunia.com/advisories/49198
SuSE Security Announcement: SUSE-SU-2012:0602 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
SuSE Security Announcement: SUSE-SU-2012:0603 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html
SuSE Security Announcement: SUSE-SU-2012:0734 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html
SuSE Security Announcement: SUSE-SU-2012:0881 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html
SuSE Security Announcement: SUSE-SU-2012:1013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-3571
http://secunia.com/advisories/50897
SuSE Security Announcement: openSUSE-SU-2012:1323 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00041.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-5035
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
CERT/CC vulnerability note: VU#903934
http://www.kb.cert.org/vuls/id/903934
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16908
http://secunia.com/advisories/57126
Common Vulnerability Exposure (CVE) ID: CVE-2012-0497
BugTraq ID: 52009
http://www.securityfocus.com/bid/52009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14772
Common Vulnerability Exposure (CVE) ID: CVE-2012-0501
BugTraq ID: 52013
http://www.securityfocus.com/bid/52013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15069
Common Vulnerability Exposure (CVE) ID: CVE-2012-0502
BugTraq ID: 52011
http://www.securityfocus.com/bid/52011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14900
Common Vulnerability Exposure (CVE) ID: CVE-2012-0503
BugTraq ID: 52018
http://www.securityfocus.com/bid/52018
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14813
Common Vulnerability Exposure (CVE) ID: CVE-2012-0505
BugTraq ID: 52017
http://www.securityfocus.com/bid/52017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13976
Common Vulnerability Exposure (CVE) ID: CVE-2012-0506
BugTraq ID: 52014
http://www.securityfocus.com/bid/52014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14082
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.