Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870988
Category:Red Hat Local Security Checks
Title:RedHat Update for java-1.6.0-openjdk RHSA-2013:0770-01
Summary:The remote host is missing an update for the 'java-1.6.0-openjdk'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'java-1.6.0-openjdk'
package(s) announced via the referenced advisory.

Vulnerability Insight:
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple flaws were discovered in the font layout engine in the 2D
component. An untrusted Java application or applet could possibly use these
flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,
CVE-2013-2383, CVE-2013-2384)

Multiple improper permission check issues were discovered in the Beans,
Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518, CVE-2013-1557)

The previous default value of the java.rmi.server.useCodebaseOnly property
permitted the RMI implementation to automatically load classes from
remotely specified locations. An attacker able to connect to an application
using RMI could use this flaw to make the application execute arbitrary
code. (CVE-2013-1537)

Note: The fix for CVE-2013-1537 changes the default value of the property
to true, restricting class loading to the local CLASSPATH and locations
specified in the java.rmi.server.codebase property. Refer to Red Hat
Bugzilla bug 952387 for additional details.

The 2D component did not properly process certain images. An untrusted Java
application or applet could possibly use this flaw to trigger Java Virtual
Machine memory corruption. (CVE-2013-2420)

It was discovered that the Hotspot component did not properly handle
certain intrinsic frames, and did not correctly perform MethodHandle
lookups. An untrusted Java application or applet could use these flaws to
bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)

It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO
component did not protect against modification of their state while
performing certain native code operations. An untrusted Java application or
applet could possibly use these flaws to trigger Java Virtual Machine
memory corruption. (CVE-2013-2429, CVE-2013-2430)

The JDBC driver manager could incorrectly call the toString() method in
JDBC drivers, and the ConcurrentHashMap class could incorrectly call the
defaultReadObject() method. An untrusted Java application or applet could
possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2013-1488, CVE-2013-2426)

The sun.awt.datatransfer.ClassLoaderObjectIn ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-0401
Cert/CC Advisory: TA13-107A
http://www.us-cert.gov/ncas/alerts/TA13-107A
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBUX02889
http://marc.info/?l=bugtraq&m=137283787217316&w=2
HPdes Security Advisory: HPSBUX02922
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
HPdes Security Advisory: SSRT101252
HPdes Security Advisory: SSRT101305
http://www.mandriva.com/security/advisories?name=MDVSA-2013:145
http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/31c782610044
http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/
https://bugzilla.redhat.com/show_bug.cgi?id=920245
https://twitter.com/thezdi/status/309784608508100608
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16297
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19463
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19641
RedHat Security Advisories: RHSA-2013:0752
http://rhn.redhat.com/errata/RHSA-2013-0752.html
RedHat Security Advisories: RHSA-2013:0757
http://rhn.redhat.com/errata/RHSA-2013-0757.html
RedHat Security Advisories: RHSA-2013:0758
http://rhn.redhat.com/errata/RHSA-2013-0758.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
RedHat Security Advisories: RHSA-2013:1456
http://rhn.redhat.com/errata/RHSA-2013-1456.html
SuSE Security Announcement: SUSE-SU-2013:0814 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
SuSE Security Announcement: SUSE-SU-2013:0835 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html
SuSE Security Announcement: SUSE-SU-2013:0871 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html
SuSE Security Announcement: openSUSE-SU-2013:0777 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
SuSE Security Announcement: openSUSE-SU-2013:0964 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
http://www.ubuntu.com/usn/USN-1806-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1488
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/a19614a3dabb
https://bugzilla.redhat.com/show_bug.cgi?id=920247
https://twitter.com/thezdi/status/309425888188043264
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16511
Common Vulnerability Exposure (CVE) ID: CVE-2013-1518
BugTraq ID: 59141
http://www.securityfocus.com/bid/59141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16702
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19451
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19705
Common Vulnerability Exposure (CVE) ID: CVE-2013-1537
http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html
BugTraq ID: 59194
http://www.securityfocus.com/bid/59194
http://seclists.org/fulldisclosure/2013/Feb/18
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/java/javase/7u21-relnotes-1932873.html#rmichanges
http://www.security-explorations.com/en/SE-2012-01-details.html
https://bugzilla.redhat.com/show_bug.cgi?id=952387
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16578
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19385
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19550
SuSE Security Announcement: SUSE-SU-2013:0934 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-1557
AIX APAR: IV40772
http://www-01.ibm.com/support/docview.wss?uid=swg1IV40772
BugTraq ID: 59170
http://www.securityfocus.com/bid/59170
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/76eb3fb80740
https://bugzilla.redhat.com/show_bug.cgi?id=952648
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19294
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19672
Common Vulnerability Exposure (CVE) ID: CVE-2013-1558
BugTraq ID: 59219
http://www.securityfocus.com/bid/59219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16543
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19158
Common Vulnerability Exposure (CVE) ID: CVE-2013-1569
BugTraq ID: 59166
http://www.securityfocus.com/bid/59166
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7
https://bugzilla.redhat.com/show_bug.cgi?id=952711
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16697
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19327
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19556
Common Vulnerability Exposure (CVE) ID: CVE-2013-2383
BugTraq ID: 59190
http://www.securityfocus.com/bid/59190
https://bugzilla.redhat.com/show_bug.cgi?id=952708
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16564
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19291
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19725
Common Vulnerability Exposure (CVE) ID: CVE-2013-2384
BugTraq ID: 59179
http://www.securityfocus.com/bid/59179
https://bugzilla.redhat.com/show_bug.cgi?id=952709
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16549
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19341
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19549
Common Vulnerability Exposure (CVE) ID: CVE-2013-2415
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxws/rev/e07c518282ba
https://bugzilla.redhat.com/show_bug.cgi?id=952389
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16011
Common Vulnerability Exposure (CVE) ID: CVE-2013-2417
BugTraq ID: 59187
http://www.securityfocus.com/bid/59187
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/7ca8a40795d8
https://bugzilla.redhat.com/show_bug.cgi?id=952657
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16446
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19524
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19570
Common Vulnerability Exposure (CVE) ID: CVE-2013-2419
BugTraq ID: 59131
http://www.securityfocus.com/bid/59131
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16527
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19386
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19526
Common Vulnerability Exposure (CVE) ID: CVE-2013-2420
BugTraq ID: 59167
http://www.securityfocus.com/bid/59167
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/cf93d3828aa8
https://bugzilla.redhat.com/show_bug.cgi?id=952638
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16597
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19354
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19704
Common Vulnerability Exposure (CVE) ID: CVE-2013-2421
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/hotspot/rev/663b5c744e82
https://bugzilla.redhat.com/show_bug.cgi?id=952649
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16258
Common Vulnerability Exposure (CVE) ID: CVE-2013-2422
BugTraq ID: 59228
http://www.securityfocus.com/bid/59228
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2899c3dbf5e8
https://bugzilla.redhat.com/show_bug.cgi?id=952642
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16561
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19087
Common Vulnerability Exposure (CVE) ID: CVE-2013-2424
BugTraq ID: 59159
http://www.securityfocus.com/bid/59159
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/da1867780fc9
https://bugzilla.redhat.com/show_bug.cgi?id=952509
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16314
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19656
Common Vulnerability Exposure (CVE) ID: CVE-2013-2426
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/98ad2f1e25d1
https://bugzilla.redhat.com/show_bug.cgi?id=952653
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16683
Common Vulnerability Exposure (CVE) ID: CVE-2013-2429
BugTraq ID: 59184
http://www.securityfocus.com/bid/59184
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/90c9f1577a0b
https://bugzilla.redhat.com/show_bug.cgi?id=952521
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19107
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19203
Common Vulnerability Exposure (CVE) ID: CVE-2013-2430
BugTraq ID: 59243
http://www.securityfocus.com/bid/59243
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/d868fe7c7618
https://bugzilla.redhat.com/show_bug.cgi?id=952524
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15708
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19715
Common Vulnerability Exposure (CVE) ID: CVE-2013-2431
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/hotspot/rev/c954aab38a7f
https://bugzilla.redhat.com/show_bug.cgi?id=952645
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16410
CopyrightCopyright (c) 2013 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.