Fedora 14 : java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14 (2010-16312)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

- Bug #533125 - CVE-2009-3555 TLS: MITM attacks via
session renegotiation

- Bug #642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK
HttpURLConnection allows arbitrary request headers
(6961084,6980004)

- Bug #639909 - CVE-2010-3548 OpenJDK DNS server IP
address information leak (6957564)

- Bug #642180 - CVE-2010-3549 OpenJDK HttpURLConnection
request splitting (6952017)

- Bug #642187 - CVE-2010-3551 OpenJDK local network
address disclosure (6952603)

- Bug #642167 - CVE-2010-3553 OpenJDK Swing unsafe
reflection usage (6622002)

- Bug #639880 - CVE-2010-3554 CVE-2010-3561 OpenJDK corba
reflection vulnerabilities (6891766,6925672)

- Bug #639904 - CVE-2010-3557 OpenJDK Swing mutable static
(6938813)

- Bug #639897 - CVE-2010-3562 OpenJDK IndexColorModel
double-free (6925710)

- Bug #639914 - CVE-2010-3564 OpenJDK kerberos
vulnerability (6958060)

- Bug #639920 - CVE-2010-3565 OpenJDK JPEG writeImage
remote code execution (6963023)

- Bug #642197 - CVE-2010-3567 OpenJDK ICU Opentype layout
engine crash (6963285)

- Bug #639876 - CVE-2010-3568 OpenJDK Deserialization Race
condition (6559775)

- Bug #639925 - CVE-2010-3569 OpenJDK Serialization
inconsistencies (6966692)

- Bug #642215 - CVE-2010-3574 OpenJDK HttpURLConnection
incomplete TRACE permission check (6981426)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=533125
https://bugzilla.redhat.com/show_bug.cgi?id=639876
https://bugzilla.redhat.com/show_bug.cgi?id=639880
https://bugzilla.redhat.com/show_bug.cgi?id=639897
https://bugzilla.redhat.com/show_bug.cgi?id=639904
https://bugzilla.redhat.com/show_bug.cgi?id=639909
https://bugzilla.redhat.com/show_bug.cgi?id=639914
https://bugzilla.redhat.com/show_bug.cgi?id=639920
https://bugzilla.redhat.com/show_bug.cgi?id=639925
https://bugzilla.redhat.com/show_bug.cgi?id=642167
https://bugzilla.redhat.com/show_bug.cgi?id=642180
https://bugzilla.redhat.com/show_bug.cgi?id=642187
https://bugzilla.redhat.com/show_bug.cgi?id=642197
https://bugzilla.redhat.com/show_bug.cgi?id=642202
https://bugzilla.redhat.com/show_bug.cgi?id=642215
http://www.nessus.org/u?6eb8d7c9

Solution :

Update the affected java-1.6.0-openjdk package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true
