SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7626)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

IBM Java 1.6.0 SR9-FP2 fixes several of bugs and thew following
security issues :

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
integrity via unknown vectors related to
Deserialization. (CVE-2011-0865)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier, when running on Windows, allows remote
untrusted Java Web Start applications and untrusted Java
applets to affect confidentiality, integrity, and
availability via unknown vectors related to Java Runtime
Environment. (CVE-2011-0866)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, when running on Windows, allows remote
untrusted Java Web Start applications and untrusted Java
applets to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment,
a different vulnerability than CVE-2011-0788.
(CVE-2011-0786)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, when running on Windows, allows remote
untrusted Java Web Start applications and untrusted Java
applets to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment,
a different vulnerability than CVE-2011-0786.
(CVE-2011-0788)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, when running on Windows, allows remote
untrusted Java Web Start applications and untrusted Java
applets to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment,
a different vulnerability than CVE-2011-0786.
(CVE-2011-0802)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors related to Sound, a different vulnerability than
CVE-2011-0802. (CVE-2011-0814)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality, integrity, and availability via unknown
vectors related to AWT. (CVE-2011-0815)

- Multiple unspecified vulnerabilities in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier allow remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors related to 2D. (CVE-2011-0862)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality via unknown vectors related to
Networking. (CVE-2011-0867)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
26 and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality via unknown vectors related to SAAJ.
(CVE-2011-0869)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, when running on Windows, allows remote
untrusted Java Web Start applications and untrusted Java
applets to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment.
(CVE-2011-0817)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality, integrity, and availability via unknown
vectors related to Deployment. (CVE-2011-0863)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier allows remote attackers to affect
confidentiality via unknown vectors related to 2D.
(CVE-2011-0868)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality, integrity, and availability via unknown
vectors related to Swing. (CVE-2011-0871)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier allows remote attackers to affect
availability via unknown vectors related to NIO.
(CVE-2011-0872)

- An unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, and 5.0 Update 29 and earlier, allows
remote attackers to affect confidentiality, integrity,
and availability via unknown vectors related to 2D.
(CVE-2011-0873)

See also :

http://support.novell.com/security/cve/CVE-2011-0786.html
http://support.novell.com/security/cve/CVE-2011-0788.html
http://support.novell.com/security/cve/CVE-2011-0802.html
http://support.novell.com/security/cve/CVE-2011-0814.html
http://support.novell.com/security/cve/CVE-2011-0815.html
http://support.novell.com/security/cve/CVE-2011-0817.html
http://support.novell.com/security/cve/CVE-2011-0862.html
http://support.novell.com/security/cve/CVE-2011-0863.html
http://support.novell.com/security/cve/CVE-2011-0865.html
http://support.novell.com/security/cve/CVE-2011-0866.html
http://support.novell.com/security/cve/CVE-2011-0867.html
http://support.novell.com/security/cve/CVE-2011-0868.html
http://support.novell.com/security/cve/CVE-2011-0869.html
http://support.novell.com/security/cve/CVE-2011-0871.html
http://support.novell.com/security/cve/CVE-2011-0872.html
http://support.novell.com/security/cve/CVE-2011-0873.html

Solution :

Apply ZYPP patch number 7626.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now