RHEL 5 / 6 : java-1.6.0-sun (RHSA-2013:0236)

Severity: High. Nessus Plugin ID 64467

Synopsis

The remote Red Hat host is missing one or more security updates for java-1.6.0-sun.

Description

The remote Red Hat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0236 advisory.

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
(CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481)

All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 39. All running instances of Oracle Java must be restarted for the update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL java-1.6.0-sun package based on the guidance in RHSA-2013:0236.

See Also

http://www.nessus.org/u?a915dbbd

https://access.redhat.com/errata/RHSA-2013:0236

https://access.redhat.com/security/updates/classification/#critical

https://bugzilla.redhat.com/show_bug.cgi?id=859140

https://bugzilla.redhat.com/show_bug.cgi?id=860652

https://bugzilla.redhat.com/show_bug.cgi?id=906813

https://bugzilla.redhat.com/show_bug.cgi?id=906892

https://bugzilla.redhat.com/show_bug.cgi?id=906894

https://bugzilla.redhat.com/show_bug.cgi?id=906899

https://bugzilla.redhat.com/show_bug.cgi?id=906900

https://bugzilla.redhat.com/show_bug.cgi?id=906904

https://bugzilla.redhat.com/show_bug.cgi?id=906911

https://bugzilla.redhat.com/show_bug.cgi?id=906914

https://bugzilla.redhat.com/show_bug.cgi?id=906916

https://bugzilla.redhat.com/show_bug.cgi?id=906917

https://bugzilla.redhat.com/show_bug.cgi?id=906918

https://bugzilla.redhat.com/show_bug.cgi?id=906921

https://bugzilla.redhat.com/show_bug.cgi?id=906923

https://bugzilla.redhat.com/show_bug.cgi?id=906930

https://bugzilla.redhat.com/show_bug.cgi?id=906933

https://bugzilla.redhat.com/show_bug.cgi?id=906935

https://bugzilla.redhat.com/show_bug.cgi?id=907207

https://bugzilla.redhat.com/show_bug.cgi?id=907219

https://bugzilla.redhat.com/show_bug.cgi?id=907223

https://bugzilla.redhat.com/show_bug.cgi?id=907224

https://bugzilla.redhat.com/show_bug.cgi?id=907226

https://bugzilla.redhat.com/show_bug.cgi?id=907340

https://bugzilla.redhat.com/show_bug.cgi?id=907344

https://bugzilla.redhat.com/show_bug.cgi?id=907346

https://bugzilla.redhat.com/show_bug.cgi?id=907453

https://bugzilla.redhat.com/show_bug.cgi?id=907455

https://bugzilla.redhat.com/show_bug.cgi?id=907456

https://bugzilla.redhat.com/show_bug.cgi?id=907457

https://bugzilla.redhat.com/show_bug.cgi?id=907458

https://bugzilla.redhat.com/show_bug.cgi?id=907460

http://www.nessus.org/u?50b85adf

Plugin Details

Severity: High

ID: 64467

File Name: redhat-RHSA-2013-0236.nasl

Version: 1.21

Type: local

Agent: unix

Published: 2/5/2013

Updated: 11/4/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-1481

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2013-0433

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel, cpe:/o:redhat:enterprise_linux:5, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/4/2013

Reference Information

CVE: CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481

BID: 57686, 57687, 57689, 57691, 57692, 57694, 57696, 57697, 57699, 57700, 57702, 57703, 57708, 57709, 57710, 57711, 57713, 57714, 57715, 57716, 57717, 57718, 57720, 57722, 57724, 57727, 57728, 57729, 57730, 57731

CWE: 79

RHSA: 2013:0236