openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-5130)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Sun Java was updated to 1.4.2u17 to fix the following security
vulnerabilities :

- CVE-2008-1158: Unspecified vulnerability in the Virtual
Machine for Sun Java Runtime Environment (JRE) and JDK 6
Update 4 and earlier, 5.0 Update 14 and earlier, and
SDK/JRE 1.4.2_16 and earlier allows remote attackers
to gain privileges via an untrusted application or
applet, a different issue than CVE-2008-1186.

- CVE-2008-1186: Unspecified vulnerability in the Virtual
Machine for Sun Java Runtime Environment (JRE) and JDK
5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and
earlier, allows remote attackers to gain privileges via
an untrusted application or applet, a different issue
than CVE-2008-1185.

- CVE-2008-1187: Unspecified vulnerability in Sun Java
Runtime Environment (JRE) and JDK 6 Update 4 and
earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16
and earlier allows remote attackers to cause a denial of
service (JRE crash) and possibly execute arbitrary code
via unknown vectors related to XSLT transforms.

- CVE-2008-1189: Buffer overflow in Java Web Start in Sun
JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and
earlier, and SDK/JRE 1.4.2_16 and earlier allows remote
attackers to execute arbitrary code via unknown vectors,
a different issue than CVE-2008-1188.

- CVE-2008-1190: Unspecified vulnerability in Java Web
Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0
Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier
allows remote attackers to gain privileges via an
untrusted application, a different issue than
CVE-2008-1191.

- CVE-2008-1192: Unspecified vulnerability in the Java
Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and
5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and
earlier, and 1.3.1_21 and earlier; allows remote
attackers to bypass the same origin policy and 'execute
local applications' via unknown vectors.

- CVE-2008-1195: Unspecified vulnerability in Sun JDK and
Java Runtime Environment (JRE) 6 Update 4 and earlier
and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16
and earlier; allows remote attackers to access arbitrary
network services on the local host via unspecified
vectors related to JavaScript and Java APIs.

- CVE-2008-1196: Stack-based buffer overflow in Java Web
Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and
earlier and 5.0 Update 14 and earlier; and SDK and JRE
1.4.2_16 and earlier; allows remote attackers to execute
arbitrary code via a crafted JNLP file.

Solution :

Update the affected java-1_4_2-sun packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true
