Ubuntu 12.04 LTS / 12.10 / 13.04 : icedtea-web update (USN-1907-2)

Ubuntu Security Notice (C) 2013-2016 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

USN-1907-1 fixed vulnerabilities in OpenJDK 7. Due to upstream
changes, IcedTea Web needed an update to work with the new OpenJDK 7.

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit
these to expose sensitive data over the network. (CVE-2013-1500,
CVE-2013-2454, CVE-2013-2458)

A vulnerability was discovered in the OpenJDK Javadoc
related to data integrity. (CVE-2013-1571)

A vulnerability was discovered in the OpenJDK JRE related to
information disclosure and availability. An attacker could
exploit this to cause a denial of service or expose
sensitive data over the network. (CVE-2013-2407)

Several vulnerabilities were discovered in the OpenJDK JRE
related to information disclosure. An attacker could exploit
these to expose sensitive data over the network.
(CVE-2013-2412, CVE-2013-2443, CVE-2013-2446, CVE-2013-2447,
CVE-2013-2449, CVE-2013-2452, CVE-2013-2456)

Several vulnerabilities were discovered in the OpenJDK JRE
related to availability. An attacker could exploit these to
cause a denial of service. (CVE-2013-2444, CVE-2013-2445,
CVE-2013-2450)

Several vulnerabilities were discovered in the OpenJDK JRE
related to information disclosure, data integrity and
availability. An attacker could exploit these to cause a
denial of service or expose sensitive data over the network.
(CVE-2013-2448, CVE-2013-2451, CVE-2013-2459, CVE-2013-2460,
CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469,
CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473)

Several vulnerabilities were discovered in the OpenJDK JRE
related to data integrity. (CVE-2013-2453, CVE-2013-2455,
CVE-2013-2457).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected icedtea-netx package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial