
Test ID: 1.3.6.1.4.1.25623.1.0.870889
Category: Red Hat Local Security Checks
Title: RedHat Update for java-1.7.0-openjdk RHSA-2013:0165-01
Summary: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Two improper permission check issues were discovered in the reflection API
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass Java sandbox restrictions. (CVE-2012-3174, CVE-2013-0422)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.4. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-3174
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/
RedHat Security Advisories: RHSA-2013:0156
http://rhn.redhat.com/errata/RHSA-2013-0156.html
RedHat Security Advisories: RHSA-2013:0165
http://rhn.redhat.com/errata/RHSA-2013-0165.html
SuSE Security Announcement: openSUSE-SU-2013:0199
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html
http://www.ubuntu.com/usn/USN-1693-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0422
Bugtraq: 20130110 [SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code
http://seclists.org/bugtraq/2013/Jan/48
Cert/CC Advisory: TA13-010A
http://www.us-cert.gov/cas/techalerts/TA13-010A.html
CERT/CC vulnerability note: VU#625617
http://www.kb.cert.org/vuls/id/625617
http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf
https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us
Copyright: Copyright (c) 2013 Greenbone Networks GmbH





© 1998-2021 E-Soft Inc. All rights reserved.