SuSE 11.1 Security Update : IBM Java (SAT Patch Number 5014)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

IBM Java 1.4.2 SR 13 Fixpack 10 has been released and fixes various
bugs and security issues.

The following security issues have been fixed :

- Unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
integrity via unknown vectors related to
Deserialization. (CVE-2011-0865)

- Unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier, when running on Windows, allows remote
untrusted Java Web Start applications and untrusted Java
applets to affect confidentiality, integrity, and
availability via unknown vectors related to Java Runtime
Environment. (CVE-2011-0866)

- Unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, when running on Windows, allows remote
untrusted Java Web Start applications and untrusted Java
applets to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment,
a different vulnerability than CVE-2011-0786.
(CVE-2011-0802)

- Unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors related to Sound, a different vulnerability than
CVE-2011-0802. (CVE-2011-0814)

- Unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality, integrity, and availability via unknown
vectors related to AWT. (CVE-2011-0815)

- Multiple unspecified vulnerabilities in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier allow remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors related to 2D. (CVE-2011-0862)

- Unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality via unknown vectors related to
Networking. (CVE-2011-0867)

- Unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31
and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality, integrity, and availability via unknown
vectors related to Swing. (CVE-2011-0871)

- Unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update
25 and earlier allows remote attackers to affect
availability via unknown vectors related to NIO.
(CVE-2011-0872)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=711195
http://support.novell.com/security/cve/CVE-2011-0786.html
http://support.novell.com/security/cve/CVE-2011-0802.html
http://support.novell.com/security/cve/CVE-2011-0814.html
http://support.novell.com/security/cve/CVE-2011-0815.html
http://support.novell.com/security/cve/CVE-2011-0862.html
http://support.novell.com/security/cve/CVE-2011-0865.html
http://support.novell.com/security/cve/CVE-2011-0866.html
http://support.novell.com/security/cve/CVE-2011-0867.html
http://support.novell.com/security/cve/CVE-2011-0871.html
http://support.novell.com/security/cve/CVE-2011-0872.html

Solution :

Apply SAT patch number 5014.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now