Oracle Linux 6 : eclipse (ELSA-2011-0568)

medium Nessus Plugin ID 181063

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0568 advisory.

eclipse:

[1:3.6.1-6.13]
- Drop patch to remove ant-trax (needed by test runs).

[1:3.6.1-6.12]
- Add two upstream patches to allow for running SDK JUnit tests.

[1:3.6.1-6.11]
- Bring in line with Fedora.
- Remove some stuff that is now done in eclipse-build.
- Fix sources URL.
- Add PDE dependency on zip for pdebuild script.
- Use new eclipse-build targets.
- Increase minimum required memory in eclipse.ini.

[1:3.6.1-6.10]
- Put ant.launching into JDT's dropins directory.

[1:3.6.1-6.9]
- Use apache-tomcat-apis JARs.
- Version objectweb-asm BR/R.

[1:3.6.1-6.8]
- Fix JSP API symlinks.

[1:3.6.1-6.7]
- Install o.e.jdt.junit.core in jdt (rhbz#663207).

[1:3.6.1-6]
- Add Eclipse help XSS vulnerability fix (RH Bz #661901).

[1:3.6.1-5]
- Remove workaround for openjdk bug#647737, as openjdk has posted its own workaround and will shortly be fixing the problem correctly.

[1:3.6.1-4]
- Workaround for openjdk bug#647737.

[1:3.6.1-3]
- Add missing Requires on tomcat5-jsp-api (bug#650145).

[1:3.6.1-2]
- Add prepare-build-dir.sh patch.

[1:3.6.1-1]
- Update to 3.6.1.

[1:3.6.0-3]
- Increasing min versions for jetty, icu4j-eclipse and sat4j.

[1:3.6.0-2]
- o.e.core.net.linux is no longer x86 only.

[1:3.6.0-1]
- Update to 3.6.0.
- Based on eclipse-build 0.6.1 RC0.

[1:3.5.2-10]
- Rebuild for new jetty.

[1:3.5.2-9]
- Fix typo in symlinking.

[1:3.5.2-8]
- No need to link jasper.

[1:3.5.2-7]
- Fix servlet and jsp apis symlinks.

[1:3.5.2-6]
- Fix jetty symlinks.

eclipse-birt:

[2.6.0-1.1]
- RHEL 6.1 rebase to Helios.

[2.6.0-1]
- Update to 2.6.0.
- Build rhino plugin as part of BIRT chart feature.
- Remove unnecessary dependencies.

eclipse-callgraph:

[0.6.1-1]
- Update to upstream 0.6.1 release.
- Add reasonable required dependency versions.

[0.6.0-2]
- Update tag to correct version

[0.6.0-1]
- Update to version 0.6 of Linux Tools Project.

[0.5.0-1]
- Resolves: #575108
- Rebase to Linux tools 0.5 release.

[0.4.0-2]
- Resolves: #553288
- Only support i686, x86_64 for RHEL6 and above.

[0.4.0-1]
- Update to version 0.4 of Linux Tools Project and remove tests feature

[0.0.1-3]
- Added ExcludeArch for ppc64 because eclipse-cdt is not present

[0.0.1-2]
- Some more changes to spec file

[0.0.1-1]
- Make minor changes to spec file

[0.0.1-1]
- Initial creation of eclipse-callgraph

eclipse-cdt:

[1:7.0.1-4]
- Resolves: #678364
- Modify a version of copy-platform so it does not add wild-cards when looking in the dropins folder.

[1:7.0.1-3]
- Resolves: #679543, #678364
- Fix libhover local patch to change location specifiers in glibc and libstdc++ plug-ins.
- Fix build so that it still works if eclipse-cdt-parsers is currently installed.

[1:7.0.1-2]
- Resolves: #622713
- Resolves: #668890
- Fix problems with applying autotools and libhover local patches

[1:7.0.1-1]
- Resolves: #656333
- Rebase to 7.0.1 (Helios SR1) including gdb hardware support fix
- Rebase to Autotools/Libhover 0.7
- Fix Eclipse bug 286162

eclipse-changelog:

[1:2.7.0-1]
- Resolves: #669499
- Update to 2.7.0.
- Update requires.

eclipse-dtp:

[1.8.1-1.1]
- RHEL 6.1 rebase.

[1.8.1-1]
- Update to 1.8.1 (Helios SR1).

[1.8.0-1]
- Update to 1.8.0 (Helios).
- Clarify get-dtp.sh a bit.
- Re-generate Java 6 patch.

eclipse-emf:

[2.6.0-1]
- Resolves: #656344
- Rebase to 2.6.0 (Helios SR1)

eclipse-gef:

[3.6.1-3]
- Fix patch that disables examples source plugin.

[3.6.1-2]
- Remove example source JARs.
- Don't build debuginfo.

[3.6.1-1]
- Update to 3.6.1.

[3.6.0-1]
- Update to 3.6.0.

eclipse-linuxprofilingframework:

[0.6.1-1]
- Resolves: #669461
- Rebase to Linux Tools 0.6.1 version.

eclipse-mylyn:

[3.4.2-9]
- Fix incorrect install_loc path.
- Resolves: rhbz#673174.

[3.4.2-8]
- Add back missing changelog entries.
- Fix mixed tabs and spaces.

[3.4.2-7]
- Fix qualifier to match upstream.
- Resolves: rhbz#669819.

[3.4.2-6]
- Put back in %{_libdir} due to multilib issues.

[3.4.2-5]
- Fix symlink to updated jdom 1.1.1 jar.

[3.4.2-4]
- Fix symlink to non-existing versioned jar.

[3.4.2-3]
- Really fix FTBFS.

[3.4.2-2]
- Fix FTBFS RH Bz #660784

[3.4.2-1]
- Update to 3.4.2.

[3.4.1-3]
- Fix obsoletes/provides for eclipse-cdt-mylyn using an epoch of 2.

[3.4.1-2]
- Backport patch for wikitext to work with Fedora wiki.

[3.4.1-1]
- Update to 3.4.1.

[3.4.0-4]
- Add Wikitext SDK to eclipse-mylyn

[3.4.0-3]
- Relax cdt requires, remove extraneous links, fix xmlrpc split

[3.4.0-2]
- Add required jar links to mylyn dropins directory

[3.4.0-1]
- Update to 3.4.0. Add mylyn-commons feature, remove commons.soap

eclipse-oprofile:

[0.6.1-1]
- Rebase to Linux tools 0.6.1.

[0.5.0-1]
- Resolves: #575107
- Rebase to Linux tools 0.5.0.

[0.4.0-2]
- Only build on x86 and x86_64.

[0.4.0-1]
- 0.4.0 (long overdue)

[0.2.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[0.2.0-2]
- Add -Dconfigs to fix compile.

[0.2.0-1]
- 0.2.0

[0.1.0-4]
- Rebuild for new pdebuild.

[0.1.0-3]
- Refined patch for gcc build failures.

[0.1.0-2]
- Add patch for gcc build failure.

[0.1.0-1]
- Initial packaging.

eclipse-rse:

[3.2-1]
- Resolves: #656338
- Rebase to 3.2 (Helios)

[3.1.2-1]
- Resolves: #566766
- Rebase to 3.1.2 (Galileo SR2 version)
- Remove oro requirement as it is not needed.

[3.1.1-2.2]
- Don't build debuginfo if building arch-specific packages.

[3.1.1-2.1]
- Only build on x86 and x86_64 since we only have eclipse on those arches

[3.1.1-2]
- Update plugin and feature version property files.

[3.1.1-1]
- Move to 3.1.1 tarball.

[3.1-2]
- Add BuildArch noarch.

[3.1-1]
- Move to 3.1 tarball.

[3.0.3-4]
- Resolves #514630

[3.0.3-3]
- Restrict arch support to those supported by prereq CDT.

[3.0.3-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[3.0.3-1]
- Initial release.

eclipse-valgrind:

[0.6.1-1]
- Upstream 0.6.1 release.

[0.6.0-1]
- Upstream 0.6.0 release.

[0.5.0-2]
- Match upstream qualifier.

[0.5.0-1]
- Rebase to 0.5.0.

[0.4.1-1]
- Upstream 0.4.1 release.

[0.4.0-0.2]
- Make it Exclusive i386 i486 i586 i686 pentium3 pentium4 athlon geode x86_64.

[0.4.0-0.1]
- Pre-release of 0.4.0.

[0.3.0-1]
- Upstream 0.3.0 release.

[0.2.1-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[0.2.1-2]
- Fix Massif parsing for unknown symbols (Eclipse#281417).

[0.2.1-1]
- Upstream 0.2.1 release.

[0.2.0-2]
- Adding cachegrind plugin to fetch script.

[0.2.0-1]
- Upstream 0.2.0 release.

[0.1.0-6]
- Don't generate debuginfo (rhbz#494719).

[0.1.0-5]
- Rebuild for changes in pdebuild to not ship p2 metadata.

[0.1.0-4]
- Fixed Massif parser crashing on other locales.

[0.1.0-3]
- Changing to arch dependent for CDT dependency.
- Setting minimum Valgrind requirement to 3.3.0.

[0.1.0-2]
- No eclipse-cdt on ppc64 -> ExcludeArch.

[0.1.0-1]
- Initial package.

icu4j:

[1:4.2.1-5]
- Remove maven bits.
- Restore missing changelog entries.

[1:4.2.1-4]
- Bring back epoch.

[1:4.2.1-3]
- fix arch-related statements so we build on s390 variants.

[1:4.2.1-1]
- Update to 4.2.1.

jetty-eclipse:

[6.1.24-2]
- Resolves: #661845
- Bump version to allow make tag to work.

[6.1.24-1]
- Resolves: #661845
- Rebase to release based on jetty-6.1.24.

objectweb-asm:

[0:3.2-2.1]
- Rebuild for RHEL 6.1.

[0:3.2.1-2]
- Change depmap parent id to asm (bug #606659)

[0:3.2.1]
- Upgrade to 3.2

sat4j:

[2.2.0-4]
- update to 2.2.0 and move to RHEL 6.1
- removed ecj dependency
- fixed to run against Java 1.5+

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2011-0568.html

Plugin Details

Severity: Medium

ID: 181063

File Name: oraclelinux_ELSA-2011-0568.nasl

Version: 1.1

Type: local

Agent: unix

Published: 9/7/2023

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2010-4647

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:eclipse-mylyn-cdt, p-cpe:/a:oracle:linux:eclipse-dtp, p-cpe:/a:oracle:linux:eclipse-pde, p-cpe:/a:oracle:linux:eclipse-gef-sdk, p-cpe:/a:oracle:linux:objectweb-asm-javadoc, p-cpe:/a:oracle:linux:eclipse-oprofile, p-cpe:/a:oracle:linux:eclipse-emf, p-cpe:/a:oracle:linux:eclipse-gef-examples, p-cpe:/a:oracle:linux:icu4j-eclipse, p-cpe:/a:oracle:linux:eclipse-cdt-parsers, p-cpe:/a:oracle:linux:eclipse-valgrind, p-cpe:/a:oracle:linux:eclipse-emf-xsd, p-cpe:/a:oracle:linux:eclipse-emf-sdk, p-cpe:/a:oracle:linux:eclipse-mylyn, p-cpe:/a:oracle:linux:eclipse-cdt-sdk, p-cpe:/a:oracle:linux:eclipse-platform, p-cpe:/a:oracle:linux:eclipse-birt, p-cpe:/a:oracle:linux:eclipse-swt, p-cpe:/a:oracle:linux:objectweb-asm, p-cpe:/a:oracle:linux:icu4j, p-cpe:/a:oracle:linux:eclipse-callgraph, p-cpe:/a:oracle:linux:eclipse-changelog, p-cpe:/a:oracle:linux:eclipse-mylyn-trac, p-cpe:/a:oracle:linux:eclipse-emf-xsd-sdk, p-cpe:/a:oracle:linux:eclipse-rcp, p-cpe:/a:oracle:linux:eclipse-cdt, p-cpe:/a:oracle:linux:eclipse-mylyn-java, p-cpe:/a:oracle:linux:eclipse-gef, p-cpe:/a:oracle:linux:eclipse-mylyn-pde, p-cpe:/a:oracle:linux:jetty-eclipse, p-cpe:/a:oracle:linux:icu4j-javadoc, p-cpe:/a:oracle:linux:sat4j, p-cpe:/a:oracle:linux:eclipse-emf-examples, p-cpe:/a:oracle:linux:eclipse-rse, p-cpe:/a:oracle:linux:eclipse-mylyn-wikitext, p-cpe:/a:oracle:linux:eclipse-mylyn-webtasks, p-cpe:/a:oracle:linux:eclipse-jdt, p-cpe:/a:oracle:linux:eclipse-linuxprofilingframework, cpe:/o:oracle:linux:6

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/28/2011

Vulnerability Publication Date: 11/16/2010

Reference Information

CVE: CVE-2010-4647