SuSE 11.2 Security Update : java-1_6_0-openjdk (SAT Patch Number 8084)

critical Nessus Plugin ID 69029

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

java-1_6_0-openjdk has been updated to Icedtea6-1.12.6 version.

Security fixes :

- S6741606, CVE-2013-2407: Integrate Apache Santuario

- S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls

- S7170730, CVE-2013-2451: Improve Windows network stack support.

- S8000638, CVE-2013-2450: Improve deserialization

- S8000642, CVE-2013-2446: Better handling of objects for transportation

- S8001032: Restrict object access

- S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers

- S8001034, CVE-2013-1500: Memory management improvements

- S8001038, CVE-2013-2444: Resourcefully handle resources

- S8001043: Clarify definition restrictions

- S8001309: Better handling of annotation interfaces

- S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost

- S8001330, CVE-2013-2443: Improve on checking order

- S8003703, CVE-2013-2412: Update RMI connection dialog box

- S8004584: Augment applet contextualization

- S8005007: Better glyph processing

- S8006328, CVE-2013-2448: Improve robustness of sound classes

- S8006611: Improve scripting

- S8007467: Improve robustness of JMX internal APIs

- S8007471: Improve MBean notifications

- S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes

- S8008120, CVE-2013-2457: Improve JMX class checking

- S8008124, CVE-2013-2453: Better compliance testing

- S8008128: Better API coherence for JMX

- S8008132, CVE-2013-2456: Better serialization support

- S8008585: Better JMX data handling

- S8008593: Better URLClassLoader resource management

- S8008603: Improve provision of JMX providers

Solution

Apply SAT patch number 8084.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=829708

http://support.novell.com/security/cve/CVE-2013-1500.html

http://support.novell.com/security/cve/CVE-2013-1571.html

http://support.novell.com/security/cve/CVE-2013-2407.html

http://support.novell.com/security/cve/CVE-2013-2412.html

http://support.novell.com/security/cve/CVE-2013-2443.html

http://support.novell.com/security/cve/CVE-2013-2444.html

http://support.novell.com/security/cve/CVE-2013-2445.html

http://support.novell.com/security/cve/CVE-2013-2446.html

http://support.novell.com/security/cve/CVE-2013-2447.html

http://support.novell.com/security/cve/CVE-2013-2448.html

http://support.novell.com/security/cve/CVE-2013-2450.html

http://support.novell.com/security/cve/CVE-2013-2451.html

http://support.novell.com/security/cve/CVE-2013-2452.html

http://support.novell.com/security/cve/CVE-2013-2453.html

http://support.novell.com/security/cve/CVE-2013-2455.html

http://support.novell.com/security/cve/CVE-2013-2456.html

http://support.novell.com/security/cve/CVE-2013-2457.html

http://support.novell.com/security/cve/CVE-2013-2459.html

http://support.novell.com/security/cve/CVE-2013-2461.html

http://support.novell.com/security/cve/CVE-2013-2463.html

http://support.novell.com/security/cve/CVE-2013-2465.html

http://support.novell.com/security/cve/CVE-2013-2469.html

http://support.novell.com/security/cve/CVE-2013-2470.html

http://support.novell.com/security/cve/CVE-2013-2471.html

http://support.novell.com/security/cve/CVE-2013-2472.html

http://support.novell.com/security/cve/CVE-2013-2473.html

Plugin Details

Severity: Critical

ID: 69029

File Name: suse_11_java-1_6_0-openjdk-130718.nasl

Version: 1.13

Type: local

Agent: unix

Published: 7/24/2013

Updated: 3/29/2022

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel, p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo, p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/18/2013

CISA Known Exploited Vulnerability Due Dates: 4/18/2022

Exploitable With

Core Impact

Metasploit (Java storeImageArray() Invalid Array Indexing Vulnerability)

Reference Information

CVE: CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473