English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.881229
Category:CentOS Local Security Checks
Title:CentOS Update for java CESA-2012:0729 centos6
Summary:The remote host is missing an update for the 'java'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'java'
package(s) announced via the referenced advisory.

Vulnerability Insight:
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple flaws were discovered in the CORBA (Common Object Request Broker
Architecture) implementation in Java. A malicious Java application or
applet could use these flaws to bypass Java sandbox restrictions or modify
immutable object data. (CVE-2012-1711, CVE-2012-1719)

It was discovered that the SynthLookAndFeel class from Swing did not
properly prevent access to certain UI elements from outside the current
application context. A malicious Java application or applet could use this
flaw to crash the Java Virtual Machine, or bypass Java sandbox
restrictions. (CVE-2012-1716)

Multiple flaws were discovered in the font manager's layout lookup
implementation. A specially-crafted font file could cause the Java Virtual
Machine to crash or, possibly, execute arbitrary code with the privileges
of the user running the virtual machine. (CVE-2012-1713)

Multiple flaws were found in the way the Java HotSpot Virtual Machine
verified the bytecode of the class file to be executed. A specially-crafted
Java application or applet could use these flaws to crash the Java Virtual
Machine, or bypass Java sandbox restrictions. (CVE-2012-1723,
CVE-2012-1725)

It was discovered that the Java XML parser did not properly handle certain
XML documents. An attacker able to make a Java application parse a
specially-crafted XML file could use this flaw to make the XML parser enter
an infinite loop. (CVE-2012-1724)

It was discovered that the Java security classes did not properly handle
Certificate Revocation Lists (CRL). CRL containing entries with duplicate
certificate serial numbers could have been ignored. (CVE-2012-1718)

It was discovered that various classes of the Java Runtime library could
create temporary files with insecure permissions. A local attacker could
use this flaw to gain access to the content of such temporary files.
(CVE-2012-1717)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.3. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-1711
BugTraq ID: 53949
http://www.securityfocus.com/bid/53949
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBUX02805
http://marc.info/?l=bugtraq&m=134496371727681&w=2
HPdes Security Advisory: SSRT100919
http://www.mandriva.com/security/advisories?name=MDVSA-2012:095
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15996
RedHat Security Advisories: RHSA-2012:0734
http://rhn.redhat.com/errata/RHSA-2012-0734.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-1713
BugTraq ID: 53946
http://www.securityfocus.com/bid/53946
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16502
RedHat Security Advisories: RHSA-2012:1243
http://rhn.redhat.com/errata/RHSA-2012-1243.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
RedHat Security Advisories: RHSA-2013:1456
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://secunia.com/advisories/50659
http://secunia.com/advisories/51080
SuSE Security Announcement: SUSE-SU-2012:1177 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html
SuSE Security Announcement: SUSE-SU-2012:1204 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html
SuSE Security Announcement: SUSE-SU-2012:1231 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html
SuSE Security Announcement: SUSE-SU-2012:1265 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-1716
BugTraq ID: 53947
http://www.securityfocus.com/bid/53947
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16168
Common Vulnerability Exposure (CVE) ID: CVE-2012-1717
BugTraq ID: 53952
http://www.securityfocus.com/bid/53952
Common Vulnerability Exposure (CVE) ID: CVE-2012-1718
BugTraq ID: 53951
http://www.securityfocus.com/bid/53951
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15923
RedHat Security Advisories: RHSA-2012:1467
http://rhn.redhat.com/errata/RHSA-2012-1467.html
http://secunia.com/advisories/51326
Common Vulnerability Exposure (CVE) ID: CVE-2012-1719
BugTraq ID: 53950
http://www.securityfocus.com/bid/53950
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16312
Common Vulnerability Exposure (CVE) ID: CVE-2012-1723
BugTraq ID: 53960
http://www.securityfocus.com/bid/53960
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16259
Common Vulnerability Exposure (CVE) ID: CVE-2012-1724
BugTraq ID: 53958
http://www.securityfocus.com/bid/53958
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16659
Common Vulnerability Exposure (CVE) ID: CVE-2012-1725
BugTraq ID: 53954
http://www.securityfocus.com/bid/53954
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16513
CopyrightCopyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.