Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.69567
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2224-1 (openjdk-6)
Summary:The remote host is missing an update to openjdk-6;announced via advisory DSA 2224-1.
Description:Summary:
The remote host is missing an update to openjdk-6
announced via advisory DSA 2224-1.

Vulnerability Insight:
Several security vulnerabilities were discovered in OpenJDK, an
implementation of the Java platform.

CVE-2010-4351
The JNLP SecurityManager returns from the checkPermission method
instead of throwing an exception in certain circumstances, which
might allow context-dependent attackers to bypass the intended
security policy by creating instances of ClassLoader.

CVE-2010-4448
Malicious applets can perform DNS cache poisoning.

CVE-2010-4450
An empty (but set) LD_LIBRARY_PATH environment variable results in
a misconstructed library search path, resulting in code execution
from possibly untrusted sources.

CVE-2010-4465
Malicious applets can extend their privileges by abusing Swing
timers.

CVE-2010-4469
The Hotspot just-in-time compiler miscompiles crafted byte
sequences, resulting in heap corruption.

CVE-2010-4470
JAXP can be exploited by untrusted code to elevate privileges.

CVE-2010-4471
Java2D can be exploited by untrusted code to elevate privileges.

CVE-2010-4472
Untrusted code can replace the XML DSIG implementation.

CVE-2011-0025
Signatures on JAR files are not properly verified, which allows
remote attackers to trick users into executing code that appears
to come from a trusted source.

CVE-2011-0706
The JNLPClassLoader class allows remote attackers to gain
privileges via unknown vectors related to multiple signers and the
assignment of an inappropriate security descriptor

In addition, this security update contains stability fixes, such as
switching to the recommended Hotspot version (hs14) for this
particular version of OpenJDK.

For the oldstable distribution (lenny), these problems have been fixed in
version 6b18-1.8.7-2~
lenny1.

For the stable distribution (squeeze), these problems have been fixed in
version 6b18-1.8.7-2~
squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 1.8.7-1.

Solution:
We recommend that you upgrade your openjdk-6 packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-4351
BugTraq ID: 45894
http://www.securityfocus.com/bid/45894
Debian Security Information: DSA-2224 (Google Search)
http://www.debian.org/security/2011/dsa-2224
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
http://www.zerodayinitiative.com/advisories/ZDI-11-014/
http://osvdb.org/70605
http://www.redhat.com/support/errata/RHSA-2011-0176.html
http://secunia.com/advisories/43002
http://secunia.com/advisories/43078
http://secunia.com/advisories/43085
http://secunia.com/advisories/43135
http://www.ubuntu.com/usn/USN-1052-1
http://www.ubuntu.com/usn/USN-1055-1
http://www.vupen.com/english/advisories/2011/0165
http://www.vupen.com/english/advisories/2011/0166
http://www.vupen.com/english/advisories/2011/0215
http://www.vupen.com/english/advisories/2011/0239
XForce ISS Database: icedtea-jnlp-code-execution(64893)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64893
Common Vulnerability Exposure (CVE) ID: CVE-2010-4448
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html
HPdes Security Advisory: HPSBMU02797
http://marc.info/?l=bugtraq&m=134254957702612&w=2
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
HPdes Security Advisory: HPSBUX02777
http://marc.info/?l=bugtraq&m=133728004526190&w=2
HPdes Security Advisory: SSRT100854
HPdes Security Advisory: SSRT100867
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14045
http://www.redhat.com/support/errata/RHSA-2011-0281.html
http://www.redhat.com/support/errata/RHSA-2011-0282.html
http://www.redhat.com/support/errata/RHSA-2011-0880.html
http://secunia.com/advisories/43350
http://secunia.com/advisories/44954
http://secunia.com/advisories/49198
SuSE Security Announcement: SUSE-SA:2011:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html
SuSE Security Announcement: SUSE-SU-2011:0823 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-4450
BugTraq ID: 46397
http://www.securityfocus.com/bid/46397
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12420
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14135
XForce ISS Database: oracle-java-launcher-code-exec(65406)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65406
Common Vulnerability Exposure (CVE) ID: CVE-2010-4465
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12925
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14034
Common Vulnerability Exposure (CVE) ID: CVE-2010-4469
BugTraq ID: 46400
http://www.securityfocus.com/bid/46400
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12833
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13639
XForce ISS Database: oracle-hotspot-code-exec(65399)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65399
Common Vulnerability Exposure (CVE) ID: CVE-2010-4470
BugTraq ID: 46387
http://www.securityfocus.com/bid/46387
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12887
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14076
XForce ISS Database: oracle-runtime-dos(65404)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65404
Common Vulnerability Exposure (CVE) ID: CVE-2010-4471
BugTraq ID: 46399
http://www.securityfocus.com/bid/46399
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12089
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14417
XForce ISS Database: oracle-runtime-information-disclosure(65405)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65405
Common Vulnerability Exposure (CVE) ID: CVE-2010-4472
BugTraq ID: 46404
http://www.securityfocus.com/bid/46404
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12903
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14118
XForce ISS Database: oracle-java-xml-dos(65411)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65411
Common Vulnerability Exposure (CVE) ID: CVE-2011-0025
BugTraq ID: 46110
http://www.securityfocus.com/bid/46110
http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=3bd328e4b515
XForce ISS Database: icedtea-jar-security-bypass(65151)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65151
Common Vulnerability Exposure (CVE) ID: CVE-2011-0706
BugTraq ID: 46439
http://www.securityfocus.com/bid/46439
https://bugzilla.redhat.com/show_bug.cgi?id=677332
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117
XForce ISS Database: icedtea-jnlpclassloader-priv-esc(65534)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65534
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.