SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4024)
Critical Nessus Plugin ID 52631
SynopsisThe remote SuSE 11 host is missing one or more security updates.
DescriptionIBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues.
The following security issues were fixed :
- The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. (CVE-2010-1321)
- Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU.
Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
- The Java Runtime Environment hangs forever when converting '2.2250738585072012e-308' to a binary floating-point number. (CVE-2010-4476)
SolutionApply SAT patch number 4024.