SuSE 10 Security Update : Sun Java (ZYPP Patch Number 5131)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

Sun Java was updated to 1.4.2u17 to fix the following security
vulnerabilities :

- Unspecified vulnerability in the Virtual Machine for Sun
Java Runtime Environment (JRE) and JDK 6 Update 4 and
earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16
and earlier allows remote attackers to gain
privileges via an untrusted application or applet, a
different issue than CVE-2008-1186. (CVE-2008-1158)

- Unspecified vulnerability in the Virtual Machine for Sun
Java Runtime Environment (JRE) and JDK 5.0 Update 13 and
earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote
attackers to gain privileges via an untrusted
application or applet, a different issue than
CVE-2008-1185. (CVE-2008-1186)

- Unspecified vulnerability in Sun Java Runtime
Environment (JRE) and JDK 6 Update 4 and earlier, 5.0
Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier
allows remote attackers to cause a denial of service
(JRE crash) and possibly execute arbitrary code via
unknown vectors related to XSLT transforms.
(CVE-2008-1187)

- Buffer overflow in Java Web Start in Sun JDK and JRE 6
Update 4 and earlier, 5.0 Update 14 and earlier, and
SDK/JRE 1.4.2_16 and earlier allows remote attackers to
execute arbitrary code via unknown vectors, a different
issue than CVE-2008-1188. (CVE-2008-1189)

- Unspecified vulnerability in Java Web Start in Sun JDK
and JRE 6 Update 4 and earlier, 5.0 Update 14 and
earlier, and SDK/JRE 1.4.2_16 and earlier allows remote
attackers to gain privileges via an untrusted
application, a different issue than CVE-2008-1191.
(CVE-2008-1190)

- Unspecified vulnerability in the Java Plug-in for Sun
JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14
and earlier; and SDK and JRE 1.4.2_16 and earlier, and
1.3.1_21 and earlier; allows remote attackers to bypass
the same origin policy and 'execute local applications'
via unknown vectors. (CVE-2008-1192)

- Unspecified vulnerability in Sun JDK and Java Runtime
Environment (JRE) 6 Update 4 and earlier and 5.0 Update
14 and earlier; and SDK and JRE 1.4.2_16 and earlier;
allows remote attackers to access arbitrary network
services on the local host via unspecified vectors
related to JavaScript and Java APIs. (CVE-2008-1195)

- Stack-based buffer overflow in Java Web Start
(javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier
and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16
and earlier; allows remote attackers to execute
arbitrary code via a crafted JNLP file. (CVE-2008-1196)

See also :

http://support.novell.com/security/cve/CVE-2008-1158.html
http://support.novell.com/security/cve/CVE-2008-1185.html
http://support.novell.com/security/cve/CVE-2008-1186.html
http://support.novell.com/security/cve/CVE-2008-1187.html
http://support.novell.com/security/cve/CVE-2008-1188.html
http://support.novell.com/security/cve/CVE-2008-1189.html
http://support.novell.com/security/cve/CVE-2008-1190.html
http://support.novell.com/security/cve/CVE-2008-1191.html
http://support.novell.com/security/cve/CVE-2008-1192.html
http://support.novell.com/security/cve/CVE-2008-1195.html
http://support.novell.com/security/cve/CVE-2008-1196.html

Solution :

Apply ZYPP patch number 5131.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true
