Detections
Analytics
Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:126)
critical Nessus Plugin ID 55853
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
Multiple vulnerabilities were discovered and corrected in java-1.6.0-openjdk :Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization (CVE-2011-0865).
Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-0862).
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking (CVE-2011-0867).
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ (CVE-2011-0869).
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2011-0868).
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot (CVE-2011-0864).
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing (CVE-2011-0871).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490
The updated packages have been upgraded to versions which is not vulnerable to these issues.
Solution
Update the affected packages.Plugin Details
Severity: Critical
ID: 55853
File Name: mandriva_MDVSA-2011-126.nasl
Version: 1.9
Type: local
Family: Mandriva Local Security Checks
Published: 8/16/2011
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:icedtea-web, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src, p-cpe:/a:mandriva:linux:lib64xrender-devel, p-cpe:/a:mandriva:linux:lib64xrender-static-devel, p-cpe:/a:mandriva:linux:lib64xrender1, p-cpe:/a:mandriva:linux:libxrender-devel, p-cpe:/a:mandriva:linux:libxrender-static-devel, p-cpe:/a:mandriva:linux:libxrender1, cpe:/o:mandriva:linux:2009.0, cpe:/o:mandriva:linux:2010.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 8/15/2011
Reference Information
CVE: CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871
BID: 48137, 48139, 48140, 48142, 48144, 48146, 48147
MDVSA: 2011:126