SuSE 11.2 Security Update : Java 1.6.0 (SAT Patch Number 7332)

critical Nessus Plugin ID 64780

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

java-1_6_0-openjdk based on IcedTea6-1.12.2 was released, fixing various security issues:

New in release 1.12.2 (2012-02-03):

- Security fixes

- S6563318, CVE-2013-0424: RMI data sanitization

- S6664509, CVE-2013-0425: Add logging context

- S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time

- S6776941, CVE-2013-0427: Improve thread pool shutdown

- S7141694, CVE-2013-0429: Improving CORBA internals

- S7173145: Improve in-memory representation of splashscreens

- S7186945: Unpack200 improvement

- S7186946: Refine unpacker resource usage

- S7186948: Improve Swing data validation

- S7186952, CVE-2013-0432: Improve clipboard access

- S7186954: Improve connection performance

- S7186957: Improve Pack200 data validation

- S7192392, CVE-2013-0443: Better validation of client keys

- S7192393, CVE-2013-0440: Better Checking of order of TLS Messages

- S7192977, CVE-2013-0442: Issue in toolkit thread

- S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies

- S7200491: Tighten up JTable layout code

- S7200500: Launcher better input validation

- S7201064: Better dialogue checking

- S7201066, CVE-2013-0441: Change modifiers on unused fields

- S7201068, CVE-2013-0435: Better handling of UI elements

- S7201070: Serialization to conform to protocol

- S7201071, CVE-2013-0433: InetSocketAddress serialization issue

- S8000210: Improve JarFile code quality

- S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class

- S8000540, CVE-2013-1475: Improve IIOP type reuse management

- S8000631, CVE-2013-1476: Restrict access to class constructor

- S8001235, CVE-2013-0434: Improve JAXP HTTP handling

- S8001242: Improve RMI HTTP conformance

- S8001307: Modify ACC_SUPER behavior

- S8001972, CVE-2013-1478: Improve image processing

- S8002325, CVE-2013-1480: Improve management of images

- Backports

- S7010849: 5/5 Extraneous javac source/target options when building sa-jdi

- S8004341: Two JCK tests fails with 7u11 b06

- S8005615: Java Logger fails to load tomcat logger implementation (JULI)

- Bug fixes

- PR1297: cacao and jamvm parallel unpack failures

- PR1301: PR1171 causes builds of Zero to fail

Solution

Apply SAT patch number 7332.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=494536

https://bugzilla.novell.com/show_bug.cgi?id=792951

https://bugzilla.novell.com/show_bug.cgi?id=801972

http://support.novell.com/security/cve/CVE-2013-0424.html

http://support.novell.com/security/cve/CVE-2013-0425.html

http://support.novell.com/security/cve/CVE-2013-0426.html

http://support.novell.com/security/cve/CVE-2013-0427.html

http://support.novell.com/security/cve/CVE-2013-0428.html

http://support.novell.com/security/cve/CVE-2013-0429.html

http://support.novell.com/security/cve/CVE-2013-0432.html

http://support.novell.com/security/cve/CVE-2013-0433.html

http://support.novell.com/security/cve/CVE-2013-0434.html

http://support.novell.com/security/cve/CVE-2013-0435.html

http://support.novell.com/security/cve/CVE-2013-0440.html

http://support.novell.com/security/cve/CVE-2013-0441.html

http://support.novell.com/security/cve/CVE-2013-0442.html

http://support.novell.com/security/cve/CVE-2013-0443.html

http://support.novell.com/security/cve/CVE-2013-0450.html

http://support.novell.com/security/cve/CVE-2013-1475.html

http://support.novell.com/security/cve/CVE-2013-1476.html

http://support.novell.com/security/cve/CVE-2013-1478.html

http://support.novell.com/security/cve/CVE-2013-1480.html

Plugin Details

Severity: Critical

ID: 64780

File Name: suse_11_java-1_6_0-openjdk-130212.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2/21/2013

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk, p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo, p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2/12/2013

Reference Information

CVE: CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480