openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Multiple vulnerabilities were fixed in java-1_6_0-openjdk :

- CVE-2010-4448: CVSS v2 Base Score: 2.6
(AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by
untrusted applets

- CVE-2010-4450: CVSS v2 Base Score: 3.7
(AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect
processing of empty library path entries

- CVE-2010-4465: CVSS v2 Base Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security
manager bypass

- CVE-2010-4469: CVSS v2 Base Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap
corruption

- CVE-2010-4470: CVSS v2 Base Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component
state manipulation

- CVE-2010-4471: CVSS v2 Base Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system
property leak

- CVE-2010-4472: CVSS v2 Base Score: 2.6
(AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to
replace DSIG/C14N implementation

- CVE-2011-0706: CVSS v2 Base Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,
and Access Control (CWE-264)

See also :

http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html
https://bugzilla.novell.com/show_bug.cgi?id=671714

Solution :

Update the affected java-1_6_0-openjdk packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 53735

Bugtraq ID:

CVE ID: CVE-2010-4448
CVE-2010-4450
CVE-2010-4465
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2011-0706
