SuSE 10 Security Update : Sun Java (ZYPP Patch Number 5131)

High Nessus Plugin ID 31772

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

Sun Java was updated to 1.4.2u17 to fix the following security vulnerabilities:

- Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186. (CVE-2008-1158)

- Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185. (CVE-2008-1186)

- Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. (CVE-2008-1187)

- Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188. (CVE-2008-1189)

- Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191. (CVE-2008-1190)

- Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and 'execute local applications' via unknown vectors. (CVE-2008-1192)

- Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. (CVE-2008-1195)

- Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. (CVE-2008-1196)

Solution

Apply ZYPP patch number 5131.

See Also

http://support.novell.com/security/cve/CVE-2008-1158.html

http://support.novell.com/security/cve/CVE-2008-1185.html

http://support.novell.com/security/cve/CVE-2008-1186.html

http://support.novell.com/security/cve/CVE-2008-1187.html

http://support.novell.com/security/cve/CVE-2008-1188.html

http://support.novell.com/security/cve/CVE-2008-1189.html

http://support.novell.com/security/cve/CVE-2008-1190.html

http://support.novell.com/security/cve/CVE-2008-1191.html

http://support.novell.com/security/cve/CVE-2008-1192.html

http://support.novell.com/security/cve/CVE-2008-1195.html

http://support.novell.com/security/cve/CVE-2008-1196.html

Plugin Details

Severity: High

ID: 31772

File Name: suse_java-1_4_2-sun-5131.nasl

Version: 1.19

Type: local

Agent: unix

Published: 2008/04/04

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/03/27

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-1158, CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1195, CVE-2008-1196

CWE: 20, 119, 264