SuSE9 Security Update : IBMJava JRE and SDK (YOU Patch Number 12682)

Critical Nessus Plugin ID 52629

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote SuSE 9 host is missing a security-related patch.

Description

IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues.

The following security issues were fixed :

- The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. (CVE-2010-1321)

- Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU.
Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
(CVE-2010-3574)

- The Java Runtime Environment hangs forever when converting '2.2250738585072012e-308' to a binary floating-point number. (CVE-2010-4476)

Solution

Apply YOU patch number 12682.

See Also

http://support.novell.com/security/cve/CVE-2010-1321.html

http://support.novell.com/security/cve/CVE-2010-3574.html

http://support.novell.com/security/cve/CVE-2010-4476.html

Plugin Details

Severity: Critical

ID: 52629

File Name: suse9_12682.nasl

Version: 1.11

Type: local

Agent: unix

Published: 2011/03/11

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 6.7

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/02/23

Reference Information

CVE: CVE-2010-1321, CVE-2010-3574, CVE-2010-4476