Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

CVE-2009-0217 xmlsec1, mono, xml-security-c,
xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing
and authentication bypass

CVE-2009-2670 OpenJDK Untrusted applet System properties access

CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks

CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket
connections (6801497)

CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow

CVE-2009-2675 Java Web Start Buffer unpack200 processing integer
overflow (6830335)

CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)

CVE-2009-2475 OpenJDK information leaks in mutable variables

CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293)

CVE-2009-2690 OpenJDK private variable information disclosure

CVE-2009-2676 JRE applet launcher vulnerability

All running instances of Sun Java must be restarted for the update to
take effect.

Solution :

Update the affected java-1.6.0-sun-compat and / or jdk packages.

Risk factor :

Critical / CVSS Base Score : 10.0