openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

Multiple vulnerabilities were fixed in java-1_6_0-openjdk :

- CVE-2010-4448: CVSS v2 Base Score: 2.6
(AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by
untrusted applets

- CVE-2010-4450: CVSS v2 Base Score: 3.7
(AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect
processing of empty library path entries

- CVE-2010-4465: CVSS v2 Base Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security
manager bypass

- CVE-2010-4469: CVSS v2 Base Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap

- CVE-2010-4470: CVSS v2 Base Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component
state manipulation

- CVE-2010-4471: CVSS v2 Base Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system
property leak

- CVE-2010-4472: CVSS v2 Base Score: 2.6
(AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to
replace DSIG/C14N implementation

- CVE-2011-0706: CVSS v2 Base Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,
and Access Control (CWE-264)

See also :

Solution :

Update the affected java-1_6_0-openjdk packages.

Risk factor :

Critical / CVSS Base Score : 10.0
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 75538 ()

Bugtraq ID:

CVE ID: CVE-2010-4448

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now