Fedora 16 : java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16 (2011-15020) (BEAST)

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

Update to latest upstream bugfix release

- Security fixes

  - S7000600, CVE-2011-3547: InputStream skip() information leak
  - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
  - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow
  - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager
  - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak
  - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine
  - S7055902, CVE-2011-3521: IIOP deserialization code execution
  - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
  - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
  - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
  - S7077466, CVE-2011-3556: RMI DGC server remote code execution
  - S7083012, CVE-2011-3557: RMI registry privileged code execution
  - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection

- Bug fixes

  - RH727195: Japanese font mappings are broken

- Backports

  - S6826104, RH730015: Getting a NullPointer exception when clicked on Application & Toolkit Modal dialog

- Zero/Shark

  - PR690: Shark fails to JIT using hs20.
  - PR696: Zero fails to handle fast_aldc and fast_aldc_w in hs20.

- Added Patch6 as a (probably temporary) solution for S7103224, for buildability on newest glibc libraries.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=737506
https://bugzilla.redhat.com/show_bug.cgi?id=745379
https://bugzilla.redhat.com/show_bug.cgi?id=745387
https://bugzilla.redhat.com/show_bug.cgi?id=745391
https://bugzilla.redhat.com/show_bug.cgi?id=745397
https://bugzilla.redhat.com/show_bug.cgi?id=745399
https://bugzilla.redhat.com/show_bug.cgi?id=745442
https://bugzilla.redhat.com/show_bug.cgi?id=745447
https://bugzilla.redhat.com/show_bug.cgi?id=745459
https://bugzilla.redhat.com/show_bug.cgi?id=745464
https://bugzilla.redhat.com/show_bug.cgi?id=745473
https://bugzilla.redhat.com/show_bug.cgi?id=745476
https://bugzilla.redhat.com/show_bug.cgi?id=745492
http://www.nessus.org/u?245b2342

Solution :

Update the affected java-1.6.0-openjdk package.

Risk factor :

Critical / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8 (CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true
