openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

New icedtea update to fix :

- ICC_Profile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0

- BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0

- resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5

- Numerous static security flaws in Swing; CVE-2009-3882: CVSS v2 Base Score: 7.5

- Mutable statics in Windows PL&F; CVE-2009-3883: CVSS v2 Base Score: 7.5

- UI logging information leakage; CVE-2009-3880: CVSS v2 Base Score: 5.0

- GraphicsConfiguration information leak; CVE-2009-3879: CVSS v2 Base Score: 7.5

- zoneinfo file existence information leak; CVE-2009-3884: CVSS v2 Base Score: 5.0

- deprecate MD2 in SSL cert validation; CVE-2009-2409: CVSS v2 Base Score: 6.4

- JPEG Image Writer quantization problem; CVE-2009-3873: CVSS v2 Base Score: 9.3

- MessageDigest.isEqual introduces timing attack vulnerabilities; CVE-2009-3875: CVSS v2 Base Score: 5.0

- OpenJDK ASN.1/DER input stream parser denial of service; CVE-2009-3876, CVE-2009-3877: CVSS v2 Base Score: 5.0

- JRE AWT setDiffICM stack overflow; CVE-2009-3869: CVSS v2 Base Score: 9.3

- ImageI/O JPEG heap overflow; CVE-2009-3874: CVSS v2 Base Score: 9.3

- JRE AWT setBytePixels heap overflow; CVE-2009-3871: CVSS v2 Base Score: 9.3

See also :

https://bugzilla.novell.com/show_bug.cgi?id=554069

Solution :

Update the affected java-1_6_0-openjdk packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true
