Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:054)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been identified and fixed in
java-1.6.0-openjdk :

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8
before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the
checkPermission method instead of throwing an exception in certain
circumstances, which might allow context-dependent attackers to bypass
the intended security policy by creating instances of ClassLoader
(CVE-2010-4351).

Unspecified vulnerability in the Java Runtime Environment (JRE) in
Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0
Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted
Java Web Start applications and untrusted Java applets to affect
integrity via unknown vectors related to Networking. NOTE: the
previous information was obtained from the February 2011 CPU. Oracle
has not commented on claims from a downstream vendor that this issue
involves DNS cache poisoning by untrusted applets. (CVE-2010-4448)

Unspecified vulnerability in the Java Runtime Environment (JRE) in
Oracle Java SE and Java for Business 6 Update 23 and earlier for
Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux;
and 1.4.2_29 and earlier for Solaris and Linux allows local standalone
applications to affect confidentiality, integrity, and availability
via unknown vectors related to Launcher. NOTE: the previous
information was obtained from the February 2011 CPU. Oracle has not
commented on claims from a downstream vendor that this issue is an
untrusted search path vulnerability involving an empty LD_LIBRARY_PATH
environment variable (CVE-2010-4450).

Unspecified vulnerability in the Java Runtime Environment (JRE) in
Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0
Update 27 and earlier, and 1.4.2_29 and earlier allows remote
untrusted Java Web Start applications and untrusted Java applets to
affect confidentiality, integrity, and availability via unknown
vectors related to Swing. NOTE: the previous information was obtained
from the February 2011 CPU. Oracle has not commented on claims from a
downstream vendor that this issue is related to the lack of framework
support by AWT event dispatch, and/or clipboard access in Applets.
(CVE-2010-4465)

Unspecified vulnerability in the Java Runtime Environment (JRE) in
Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0
Update 27 and earlier, and 1.4.2_29 and earlier allows remote
untrusted Java Web Start applications and untrusted Java applets to
affect confidentiality, integrity, and availability via unknown
vectors related to HotSpot. NOTE: the previous information was
obtained from the February 2011 CPU. Oracle has not commented on
claims from a downstream vendor that this issue is heap corruption
related to the Verifier and backward jsrs. (CVE-2010-4469)

Unspecified vulnerability in the Java Runtime Environment (JRE) in
Oracle Java SE and Java for Business 6 Update 23, and, and earlier
allows remote attackers to affect availability via unknown vectors
related to JAXP and unspecified APIs. NOTE: the previous information
was obtained from the February 2011 CPU. Oracle has not commented on
claims from a downstream vendor that this issue is related to Features
set on SchemaFactory not inherited by Validator. (CVE-2010-4470)

Unspecified vulnerability in the Java Runtime Environment (JRE) in
Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0
Update 27 and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality via
unknown vectors related to 2D. NOTE: the previous information was
obtained from the February 2011 CPU. Oracle has not commented on
claims from a downstream vendor that this issue is related to the
exposure of system properties via vectors related to Font.createFont
and exception text (CVE-2010-4471).

Unspecified vulnerability in the Java Runtime Environment (JRE) in
Oracle Java SE and Java for Business 6 Update 23 and earlier allows
remote attackers to affect availability, related to XML Digital
Signature and unspecified APIs. NOTE: the previous information was
obtained from the February 2011 CPU. Oracle has not commented on
claims from a downstream vendor that this issue involves the
replacement of the XML DSig Transform or C14N algorithm
implementations. (CVE-2010-4472)

The Double.parseDouble method in Java Runtime Environment (JRE) in
Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0
Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK,
Apache, JBossweb, and other products, allows remote attackers to cause
a denial of service via a crafted string that triggers an infinite
loop of estimations during conversion to a double-precision binary
floating-point number, as demonstrated using 2.2250738585072012e-308
(CVE-2010-4476).

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does
not properly verify signatures for JAR files that (1) are partially
signed or (2) signed by multiple entities, which allows remote
attackers to trick users into executing code that appears to come from
a trusted source (CVE-2011-0025).

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in
OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain
privileges via unknown vectors related to multiple signers and the
assignment of an inappropriate security descriptor. (CVE-2011-0706)

Additionally the java-1.5.0-gcj packages were not rebuilt with the
shipped version on GCC for 2009.0 and Enterprise Server 5 which caused
problems while building the java-1.6.0-openjdk updates, therefore
rebuilt java-1.5.0-gcj packages are being provided with this advisory
as well.

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

The updated packages have been patched to correct this issue.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now