Fedora 14 : java-1.6.0-openjdk-220.127.116.11-18.104.22.168.fc14 (2011-1645)
Critical Nessus Plugin ID 52006
SynopsisThe remote Fedora host is missing a security update.
DescriptionThis update fixes the following security issues :
S6378709, CVE-2010-4465: AWT event dispatch does not support framework code
S6854912, CVE-2010-4465: Security issue with the clipboard access in Applets
S6878713, CVE-2010-4469: Verifier heap corruption, relating to backward jsrs
S6907662, CVE-2010-4465: System clipboard should ensure access restrictions
S6927050, CVE-2010-4470: Features set on SchemaFactory not inherited by Validator
S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
S6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH environment variable in the launcher
S6985453, CVE-2010-4471: Font.createFont may expose some system properties in exception text
S6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig Transform or C14N algorithm implementations
RH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected java-1.6.0-openjdk package.