Amazon Linux AMI : java-1.6.0-openjdk Multiple Vulnerabilities (ALAS-2012-119)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

It was discovered that the Beans component in OpenJDK did not perform
permission checks properly. An untrusted Java application or applet
could use this flaw to use classes from restricted packages, allowing
it to bypass Java sandbox restrictions. (CVE-2012-1682)

A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)

See also :

http://www.nessus.org/u?b7e7bd95

Solution :

Run 'yum update java-1.6.0-openjdk' to update your system.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69609 ()

Bugtraq ID:

CVE ID: CVE-2012-0547
CVE-2012-1682