openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0182-1)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

java-1_6_0-openjdk version 1.7.3 fixes serveral security issues :

- CVE-2010-0837: JAR 'unpack200' must verify input

- CVE-2010-0845: No ClassCastException for
HashAttributeSet constructors if run with -Xcomp

- CVE-2010-0838: CMM readMabCurveData Buffer Overflow

- CVE-2010-0082: Loader-constraint table allows arrays
instead of only the base-classes

- CVE-2010-0095: Subclasses of InetAddress may incorrectly
interpret network addresses

- CVE-2010-0085: File TOCTOU deserialization vulnerability

- CVE-2010-0091: Unsigned applet can retrieve the dragged
information before drop action occurs

- CVE-2010-0088: Inflater/Deflater clone issues

- CVE-2010-0084: Policy/PolicyFile leak dynamic

- CVE-2010-0092: AtomicReferenceArray causes SIGSEGV ->

- CVE-2010-0094: Deserialization of RMIConnectionImpl
objects should enforce stricter checks

- CVE-2010-0093: System.arraycopy unable to reference
elements beyond Integer.MAX_VALUE bytes

- CVE-2010-0840: Applet Trusted Methods Chaining Privilege
Escalation Vulnerability

- CVE-2010-0848: AWT Library Invalid Index Vulnerability

- CVE-2010-0847: ImagingLib arbitrary code execution

- CVE-2009-3555: TLS: MITM attacks via session

See also :

Solution :

Update the affected java-1_6_0-openjdk packages.

Risk factor :

High / CVSS Base Score : 7.5
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now