openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0706-1)

Critical Nessus Plugin ID 75863

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 9

Synopsis

The remote openSUSE host is missing a security update.

Description

Icedtea as included in java-1_6_0-openjdk was updated to fix several security issues :

dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S6618658, CVE-2011-0865: Vulnerability in deserialization dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7013971, CVE-2011-0869: Vulnerability in SAAJ dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7016340, CVE-2011-0870: Vulnerability in SAAJ dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7020198, CVE-2011-0871: ImageIcon creates Component with null acc dbg114-icedtea-web-4788 icedtea-web-4788 new_updateinfo S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size

Solution

Update the affected icedtea-web packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=596177

https://bugzilla.novell.com/show_bug.cgi?id=698739

https://lists.opensuse.org/opensuse-updates/2011-06/msg00044.html

Plugin Details

Severity: Critical

ID: 75863

File Name: suse_11_4_icedtea-web-110627.nasl

Version: 1.9

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 9

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:icedtea-web, p-cpe:/a:novell:opensuse:icedtea-web-javadoc, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debugsource, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src, cpe:/o:novell:opensuse:11.4

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/06/27

Reference Information

CVE: CVE-2011-0815, CVE-2011-0822, CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0870, CVE-2011-0871, CVE-2011-0872

BID: 48137, 48139, 48140, 48141, 48142, 48143, 48144, 48146, 48147