New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 9
Synopsis
The remote openSUSE host is missing a security update.
Description
java-1_6_0-openjdk version 1.7.3 fixes serveral security issues :
- CVE-2010-0837: JAR 'unpack200' must verify input parameters
- CVE-2010-0845: No ClassCastException for HashAttributeSet constructors if run with -Xcomp
- CVE-2010-0838: CMM readMabCurveData Buffer Overflow Vulnerability
- CVE-2010-0082: Loader-constraint table allows arrays instead of only the base-classes
- CVE-2010-0095: Subclasses of InetAddress may incorrectly interpret network addresses
- CVE-2010-0085: File TOCTOU deserialization vulnerability
- CVE-2010-0091: Unsigned applet can retrieve the dragged information before drop action occurs
- CVE-2010-0088: Inflater/Deflater clone issues
- CVE-2010-0084: Policy/PolicyFile leak dynamic ProtectionDomains.
- CVE-2010-0092: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error
- CVE-2010-0094: Deserialization of RMIConnectionImpl objects should enforce stricter checks
- CVE-2010-0093: System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes
- CVE-2010-0840: Applet Trusted Methods Chaining Privilege Escalation Vulnerability
- CVE-2010-0848: AWT Library Invalid Index Vulnerability
- CVE-2010-0847: ImagingLib arbitrary code execution vulnerability
- CVE-2009-3555: TLS: MITM attacks via session renegotiation
Solution
Update the affected java-1_6_0-openjdk packages.