Fedora 18 : java-1.7.0-openjdk- (2013-5958)

high Nessus Plugin ID 66010
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote Fedora host is missing a security update.


- updated to updated IcedTea 2.3.9 with fix to one of security fixes

- fixed font glyph offset WARNING - this build have not yet updated not-hotspot (arm...)builds!

- added client to ghosted classes.jsa

- updated to IcedTea 2.3.9 with latest security patches

- 920245 CVE-2013-0401 OpenJDK: unspecified sandbox bypass (CanSecWest 2013, AWT)

- 920247 CVE-2013-1488 OpenJDK: unspecified sanbox bypass (CanSecWest 2013, Libraries)

- 952387 CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040)

- 952389 CVE-2013-2415 OpenJDK: temporary files created with insecure permissions (JAX-WS, 8003542)

- 952398 CVE-2013-2423 OpenJDK: incorrect setter access checks in MethodHandles (Hostspot, 8009677)

- 952509 CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435)

- 952521 CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)

- 952524 CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667)

- 952550 CVE-2013-2436 OpenJDK: Wrapper.convert insufficient type checks (Libraries, 8009049)

- 952638 CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)

- 952640 CVE-2013-1558 OpenJDK:
java.beans.ThreadGroupContext missing restrictions (Beans, 7200507)

- 952642 CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)

- 952645 CVE-2013-2431 OpenJDK: Hotspot intrinsic frames vulnerability (Hotspot, 8004336)

- 952646 CVE-2013-1518 OpenJDK: JAXP missing security restrictions (JAXP, 6657673)

- 952648 CVE-2013-1557 OpenJDK:
LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)

- 952649 CVE-2013-2421 OpenJDK: Hotspot MethodHandle lookup error (Hotspot, 8009699)

- 952653 CVE-2013-2426 OpenJDK: ConcurrentHashMap incorrectly calls defaultReadObject() method (Libraries, 8009063)

- 952656 CVE-2013-2419 OpenJDK: font processing errors (2D, 8001031)

- 952657 CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)

- 952708 CVE-2013-2383 OpenJDK: font layout and glyph table errors (2D, 8004986)

- 952709 CVE-2013-2384 OpenJDK: font layout and glyph table errors (2D, 8004987)

- 952711 CVE-2013-1569 OpenJDK: font layout and glyph table errors (2D, 8004994)

- buildver sync to b19

- rewritten java-1.7.0-openjdk-java-access-bridge-security.patch

- fixed priority (one zero deleted)

- unapplied patch2

- added patch107 abrt_friendly_hs_log_jdk7.patch

- removed patch2 java-1.7.0-openjdk-java-access-bridge-idlj.patch

- removed redundant rm of classes.jsa, ghost is handling it correctly

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected java-1.7.0-openjdk package.

See Also


Plugin Details

Severity: High

ID: 66010

File Name: fedora_2013-5958.nasl

Version: 1.7

Type: local

Agent: unix

Published: 4/18/2013

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:java-1.7.0-openjdk, cpe:/o:fedoraproject:fedora:18

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 4/18/2013

Vulnerability Publication Date: 4/18/2013

Reference Information

FEDORA: 2013-5958