Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

CVE-2009-0217 xmlsec1, mono, xml-security-c,
xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing
and authentication bypass

CVE-2009-2670 OpenJDK Untrusted applet System properties access
(6738524)

CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks
(6801071)

CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket
connections (6801497)

CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow
(6823373)

CVE-2009-2675 Java Web Start Buffer unpack200 processing integer
overflow (6830335)

CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)

CVE-2009-2475 OpenJDK information leaks in mutable variables
(6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,
6660049,6660539,6813167)

CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293)

CVE-2009-2690 OpenJDK private variable information disclosure
(6777487)

CVE-2009-2676 JRE applet launcher vulnerability

All running instances of Sun Java must be restarted for the update to
take effect.

See also :

http://www.nessus.org/u?42ba17de

Solution :

Update the affected java-1.6.0-sun-compat and / or jdk packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)