Test ID: 1.3.6.1.4.1.25623.1.0.870819
Category: Red Hat Local Security Checks
Title: RedHat Update for java-1.7.0-openjdk RHSA-2012:1223-01
Summary: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'java-1.7.0-openjdk'
package(s) announced via the referenced advisory.

Vulnerability Insight:
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple improper permission check issues were discovered in the Beans
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2012-4681,
CVE-2012-1682, CVE-2012-3136)

A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-0547
BugTraq ID: 55339
http://www.securityfocus.com/bid/55339
http://security.gentoo.org/glsa/glsa-201406-32.xml
HP Security Advisory: HPSBUX02824
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03533078
HP Security Advisory: HPSBUX02825
http://marc.info/?l=bugtraq&m=135161897205627&w=2
HP Security Advisory: SSRT100970
HP Security Advisory: SSRT100974
RedHat Security Advisories: RHSA-2012:1222
http://rhn.redhat.com/errata/RHSA-2012-1222.html
RedHat Security Advisories: RHSA-2012:1225
http://rhn.redhat.com/errata/RHSA-2012-1225.html
RedHat Security Advisories: RHSA-2012:1392
http://rhn.redhat.com/errata/RHSA-2012-1392.html
RedHat Security Advisories: RHSA-2012:1466
http://rhn.redhat.com/errata/RHSA-2012-1466.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
RedHat Security Advisories: RHSA-2013:1456
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://secunia.com/advisories/51044
http://secunia.com/advisories/51141
http://secunia.com/advisories/51327
SuSE Security Announcement: SUSE-SU-2012:1148
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00006.html
SuSE Security Announcement: SUSE-SU-2012:1231
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html
SuSE Security Announcement: openSUSE-SU-2012:1175
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00019.html
http://www.ubuntu.com/usn/USN-1553-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-1682
http://marc.info/?l=bugtraq&m=135109152819176&w=2
Common Vulnerability Exposure (CVE) ID: CVE-2012-3136
Common Vulnerability Exposure (CVE) ID: CVE-2012-4681
BugTraq ID: 55213
http://www.securityfocus.com/bid/55213
Cert/CC Advisory: TA12-240A
http://www.us-cert.gov/cas/techalerts/TA12-240A.html
http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html
http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/
http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html
https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day
SuSE Security Announcement: SUSE-SU-2012:1398
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
Copyright: Copyright (c) 2012 Greenbone Networks GmbH
