openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0182-1)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

java-1_6_0-openjdk version 1.7.3 fixes serveral security issues :

- CVE-2010-0837: JAR 'unpack200' must verify input
parameters

- CVE-2010-0845: No ClassCastException for
HashAttributeSet constructors if run with -Xcomp

- CVE-2010-0838: CMM readMabCurveData Buffer Overflow
Vulnerability

- CVE-2010-0082: Loader-constraint table allows arrays
instead of only the base-classes

- CVE-2010-0095: Subclasses of InetAddress may incorrectly
interpret network addresses

- CVE-2010-0085: File TOCTOU deserialization vulnerability

- CVE-2010-0091: Unsigned applet can retrieve the dragged
information before drop action occurs

- CVE-2010-0088: Inflater/Deflater clone issues

- CVE-2010-0084: Policy/PolicyFile leak dynamic
ProtectionDomains.

- CVE-2010-0092: AtomicReferenceArray causes SIGSEGV ->
SEGV_MAPERR error

- CVE-2010-0094: Deserialization of RMIConnectionImpl
objects should enforce stricter checks

- CVE-2010-0093: System.arraycopy unable to reference
elements beyond Integer.MAX_VALUE bytes

- CVE-2010-0840: Applet Trusted Methods Chaining Privilege
Escalation Vulnerability

- CVE-2010-0848: AWT Library Invalid Index Vulnerability

- CVE-2010-0847: ImagingLib arbitrary code execution
vulnerability

- CVE-2009-3555: TLS: MITM attacks via session
renegotiation

See also :

http://lists.opensuse.org/opensuse-updates/2010-04/msg00090.html
https://bugzilla.novell.com/show_bug.cgi?id=594415

Solution :

Update the affected java-1_6_0-openjdk packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now