SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 2553)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

This update of IBM Java 6 to Service Request 8 to fixes the following
security issues :

- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality via unknown
vectors. (CVE-2010-0084)

- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.225, and
1.3.127 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0085)

- Unspecified vulnerability in the Java Web Start, Java
Plug-in component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.225, and
1.3.127 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0087)

- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.225, and
1.3.127 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0088)

- Unspecified vulnerability in the Java Web Start, Java
Plug-in component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect availability via unknown
vectors. (CVE-2010-0089)

- Unspecified vulnerability in the Java Web Start, Java
Plug-in component in Oracle Java SE and Java for
Business 6 Update 18 allows remote attackers to affect
integrity and availability via unknown vectors.
(CVE-2010-0090)

- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality via unknown
vectors. (CVE-2010-0091)

- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, and 5.0 Update 23 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. (CVE-2010-0092)

- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18 and 5.0 Update 23 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is due to missing privilege checks during
deserialization of RMIConnectionImpl objects, which
allows remote attackers to call system-level Java
functions via the class loader of a constructor that is
being deserialized. (CVE-2010-0094)

- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality, integrity,
and availability via unknown vectors. (CVE-2010-0095)

- Unspecified vulnerability in the Pack200 component in
Oracle Java SE and Java for Business 6 Update 18, 5.0,
Update, and 23 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0837)

- Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0,
Update, and 23 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. NOTE: the previous information was obtained
from the March 2010 CPU. Oracle has not commented on
claims from a reliable researcher that this is a
stack-based buffer overflow using an untrusted size
value in the readMabCurveData function in the CMM module
of the JVM. (CVE-2010-0838)

- Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.225, and 1.3.1 27 allows remote attackers
to affect confidentiality, integrity, and availability
via unknown vectors. (CVE-2010-0839)

- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality, integrity,
and availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is related to improper checks when executing
privileged methods in the Java Runtime Environment
(JRE), which allows attackers to execute arbitrary code
via (1) an untrusted object that extends the trusted
class but has not modified a certain method, or (2) 'a
similar trust issue with interfaces,' aka 'Trusted
Methods Chaining Remote Code Execution Vulnerability.'.
(CVE-2010-0840)

- Unspecified vulnerability in the ImageIO component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, and 1.4.2_25 allows remote attackers to
affect confidentiality, integrity, and availability via
unknown vectors. NOTE: the previous information was
obtained from the March 2010 CPU. Oracle has not
commented on claims from a reliable researcher that this
is an integer overflow in the Java Runtime Environment
that allows remote attackers to execute arbitrary code
via a JPEG image that contains subsample dimensions with
large values, related to JPEGImageReader and 'stepX'.
(CVE-2010-0841)

- Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.225, and 1.3.1 27 allows remote attackers
to affect confidentiality, integrity, and availability
via unknown vectors. NOTE: the previous information was
obtained from the March 2010 CPU. Oracle has not
commented on claims from a reliable researcher that this
is an uncontrolled array index that allows remote
attackers to execute arbitrary code via a MIDI file with
a crafted MixerSequencer object, related to the GM_Song
structure. (CVE-2010-0842)

- Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.225, and 1.3.1 27 allows remote attackers
to affect confidentiality, integrity, and availability
via unknown vectors. NOTE: the previous information was
obtained from the March 2010 CPU. Oracle has not
commented on claims from a reliable researcher that this
is related to XNewPtr and improper handling of an
integer parameter when allocating heap memory in the
com.sun.media.sound libraries, which allows remote
attackers to execute arbitrary code. (CVE-2010-0843)

- Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.225, and 1.3.1 27 allows remote attackers
to affect confidentiality, integrity, and availability
via unknown vectors. NOTE: the previous information was
obtained from the March 2010 CPU. Oracle has not
commented on claims from a reliable researcher that this
is for improper parsing of a crafted MIDI stream when
creating a MixerSequencer object, which causes a pointer
to be corrupted and allows a NULL byte to be written to
arbitrary memory. (CVE-2010-0844)

- Unspecified vulnerability in the ImageIO component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is a heap-based buffer overflow that allows
remote attackers to execute arbitrary code, related to
an 'invalid assignment' and inconsistent length values
in a JPEG image encoder (JPEGImageEncoderImpl).
(CVE-2010-0846)

- Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is a heap-based buffer overflow that allows
arbitrary code execution via a crafted image.
(CVE-2010-0847)

- Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. (CVE-2010-0848)

- Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is a heap-based buffer overflow in a decoding
routine used by the JPEGImageDecoderImpl interface,
which allows code execution via a crafted JPEG image.
(CVE-2010-0849)

Please also see http://www.ibm.com/developerworks/java/jdk/alerts/ for
a more up to date list on what was fixed.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=603283
http://support.novell.com/security/cve/CVE-2010-0084.html
http://support.novell.com/security/cve/CVE-2010-0085.html
http://support.novell.com/security/cve/CVE-2010-0087.html
http://support.novell.com/security/cve/CVE-2010-0088.html
http://support.novell.com/security/cve/CVE-2010-0089.html
http://support.novell.com/security/cve/CVE-2010-0090.html
http://support.novell.com/security/cve/CVE-2010-0091.html
http://support.novell.com/security/cve/CVE-2010-0092.html
http://support.novell.com/security/cve/CVE-2010-0094.html
http://support.novell.com/security/cve/CVE-2010-0095.html
http://support.novell.com/security/cve/CVE-2010-0837.html
http://support.novell.com/security/cve/CVE-2010-0838.html
http://support.novell.com/security/cve/CVE-2010-0839.html
http://support.novell.com/security/cve/CVE-2010-0840.html
http://support.novell.com/security/cve/CVE-2010-0841.html
http://support.novell.com/security/cve/CVE-2010-0842.html
http://support.novell.com/security/cve/CVE-2010-0843.html
http://support.novell.com/security/cve/CVE-2010-0844.html
http://support.novell.com/security/cve/CVE-2010-0846.html
http://support.novell.com/security/cve/CVE-2010-0847.html
http://support.novell.com/security/cve/CVE-2010-0848.html
http://support.novell.com/security/cve/CVE-2010-0849.html

Solution :

Apply SAT patch number 2553.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true