SuSE9 Security Update : IBM Java (YOU Patch Number 12669)

Critical Nessus Plugin ID 51660


The remote SuSE 9 host is missing a security-related patch.


IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues.

The following security issues were fixed :

- The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. (CVE-2010-1321)

- Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU.
Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.


Apply YOU patch number 12669.

See Also

Plugin Details

Severity: Critical

ID: 51660

File Name: suse9_12669.nasl

Version: $Revision: 1.6 $

Type: local

Agent: unix

Published: 2011/01/24

Modified: 2012/10/03

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2011/01/20

Reference Information

CVE: CVE-2010-1321, CVE-2010-3574