Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:010)

Critical Nessus Plugin ID 64563

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple security issues were identified and fixed in OpenJDK (icedtea6) :

- S6563318, CVE-2013-0424: RMI data sanitization

- S6664509, CVE-2013-0425: Add logging context

- S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time

- S6776941: CVE-2013-0427: Improve thread pool shutdown

- S7141694, CVE-2013-0429: Improving CORBA internals

- S7173145: Improve in-memory representation of splashscreens

- S7186945: Unpack200 improvement

- S7186946: Refine unpacker resource usage

- S7186948: Improve Swing data validation

- S7186952, CVE-2013-0432: Improve clipboard access

- S7186954: Improve connection performance

- S7186957: Improve Pack200 data validation

- S7192392, CVE-2013-0443: Better validation of client keys

- S7192393, CVE-2013-0440: Better Checking of order of TLS Messages

- S7192977, CVE-2013-0442: Issue in toolkit thread

- S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies

- S7200491: Tighten up JTable layout code

- S7200500: Launcher better input validation

- S7201064: Better dialogue checking

- S7201066, CVE-2013-0441: Change modifiers on unused fields

- S7201068, CVE-2013-0435: Better handling of UI elements

- S7201070: Serialization to conform to protocol

- S7201071, CVE-2013-0433: InetSocketAddress serialization issue

- S8000210: Improve JarFile code quality

- S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class

- S8000540, CVE-2013-1475: Improve IIOP type reuse management

- S8000631, CVE-2013-1476: Restrict access to class constructor

- S8001235, CVE-2013-0434: Improve JAXP HTTP handling

- S8001242: Improve RMI HTTP conformance

- S8001307: Modify ACC_SUPER behavior

- S8001972, CVE-2013-1478: Improve image processing

- S8002325, CVE-2013-1480: Improve management of images

- Backports

- S7010849: 5/5 Extraneous javac source/target options when building sa-jdi

The updated packages provides icedtea6-1.11.6 which is not vulnerable to these issues.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?e15a1d25

Plugin Details

Severity: Critical

ID: 64563

File Name: mandriva_MDVSA-2013-010.nasl

Version: 1.11

Type: local

Published: 2013/02/12

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 6.7

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:java-1.6.0-openjdk, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src, cpe:/o:mandriva:linux:2011

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/02/11

Reference Information

CVE: CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0429, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480

BID: 57686, 57687, 57691, 57692, 57694, 57696, 57702, 57703, 57709, 57710, 57711, 57712, 57713, 57715, 57719, 57727, 57729, 57730

MDVSA: 2013:010