Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13 (2011-1631)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

This update fixes the following security issues :

S6378709, CVE-2010-4465: AWT event dispatch does not support framework
code

S6854912, CVE-2010-4465: Security issue with the clipboard access in
Applets

S6878713, CVE-2010-4469: Verifier heap corruption, relating to
backward jsrs

S6907662, CVE-2010-4465: System clipboard should ensure access
restrictions

S6927050, CVE-2010-4470: Features set on SchemaFactory not inherited
by Validator

S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets

S6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH
environment variable in the launcher

S6985453, CVE-2010-4471: Font.createFont may expose some system
properties in exception text

S6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig
Transform or C14N algorithm implementations

RH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?9a673f3e

Solution :

Update the affected java-1.6.0-openjdk package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 52005 ()

Bugtraq ID:

CVE ID: CVE-2010-4448
CVE-2010-4450
CVE-2010-4465
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2011-0706

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now