Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-119)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

It was discovered that the Beans component in OpenJDK did not perform
permission checks properly. An untrusted Java application or applet
could use this flaw to use classes from restricted packages, allowing
it to bypass Java sandbox restrictions. (CVE-2012-1682)

A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)

See also :

https://alas.aws.amazon.com/ALAS-2012-119.html

Solution :

Run 'yum update java-1.6.0-openjdk' to update your system.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69609 ()

Bugtraq ID:

CVE ID: CVE-2012-0547
CVE-2012-1682