Detections
Analytics

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0308-1)

critical Nessus Plugin ID 74896

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

OpenJDK (java-1_6_0-openjdk) was updated to 1.12.2 to fix bugs and security issues (bnc#801972)

 - Security fixes (on top of 1.12.0)

 - S6563318, CVE-2013-0424: RMI data sanitization

 - S6664509, CVE-2013-0425: Add logging context

 - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time

 - S6776941: CVE-2013-0427: Improve thread pool shutdown

 - S7141694, CVE-2013-0429: Improving CORBA internals

 - S7173145: Improve in-memory representation of splashscreens

 - S7186945: Unpack200 improvement

 - S7186946: Refine unpacker resource usage

 - S7186948: Improve Swing data validation

 - S7186952, CVE-2013-0432: Improve clipboard access

 - S7186954: Improve connection performance

 - S7186957: Improve Pack200 data validation

 - S7192392, CVE-2013-0443: Better validation of client keys

 - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages

 - S7192977, CVE-2013-0442: Issue in toolkit thread

 - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies

 - S7200491: Tighten up JTable layout code

 - S7200500: Launcher better input validation

 - S7201064: Better dialogue checking

 - S7201066, CVE-2013-0441: Change modifiers on unused fields

 - S7201068, CVE-2013-0435: Better handling of UI elements

 - S7201070: Serialization to conform to protocol

 - S7201071, CVE-2013-0433: InetSocketAddress serialization issue

 - S8000210: Improve JarFile code quality

 - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class

 - S8000540, CVE-2013-1475: Improve IIOP type reuse management

 - S8000631, CVE-2013-1476: Restrict access to class constructor

 - S8001235, CVE-2013-0434: Improve JAXP HTTP handling

Solution

Update the affected java-1_6_0-openjdk packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=801972

https://lists.opensuse.org/opensuse-updates/2013-02/msg00052.html

Plugin Details

Severity: Critical

ID: 74896

File Name: openSUSE-2013-131.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-1_6_0-openjdk, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debugsource, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo-debuginfo, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2/12/2013

Reference Information

CVE: CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476