openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0706-1)

Critical Nessus Plugin ID 75527


The remote openSUSE host is missing a security update.


Icedtea as included in java-1_6_0-openjdk was updated to fix several security issues :

- S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win)

- S6618658, CVE-2011-0865: Vulnerability in deserialization

- S7012520, CVE-2011-0815: Heap overflow vulnerability in

- S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code

- S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings

- S7013971, CVE-2011-0869: Vulnerability in SAAJ

- S7016340, CVE-2011-0870: Vulnerability in SAAJ

- S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero

- S7020198, CVE-2011-0871: ImageIcon creates Component with null acc

- S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size


Update the affected icedtea-web packages.

See Also

Plugin Details

Severity: Critical

ID: 75527

File Name: suse_11_3_icedtea-web-110627.nasl

Version: $Revision: 1.4 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2016/05/19

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:icedtea-web, p-cpe:/a:novell:opensuse:icedtea-web-javadoc, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src, cpe:/o:novell:opensuse:11.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/06/27

Reference Information

CVE: CVE-2011-0815, CVE-2011-0822, CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0870, CVE-2011-0871, CVE-2011-0872

BID: 48137, 48139, 48140, 48141, 48142, 48143, 48144, 48146, 48147