Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2015-0085)

Severity: Low | Nessus Plugin ID 81011

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0085 advisory.

[1:1.6.0.33-1.13.6.1.0.1.el5_11]
- Add oracle-enterprise.patch

[1:1.6.0.34-1.13.6.1]
- Update to latest 1.13.6 release candidate tarball
- Fixes a number of issues found with b34:
- * OJ51, PR2187: Sync patch for 4873188 with 7 version
- * OJ52, PR2185: Application of 6786276 introduces compatibility issue
- * OJ53, PR2181: strict-aliasing warnings issued on PPC32
- * OJ54, PR2182: 6911104 reintroduces test fragment removed in existing 6964018 backport
- * S6730740, PR2186: Fix for 6729881 has apparently broken several 64 bit tests: 'Bad address'
- * S7031830, PR2183: bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine
- Also includes PR2180, so patch dropped from RPM.
- Resolves: rhbz#1180289

[1:1.6.0.34-1.13.6.0]
- Apply pr2180.patch to work around issue with older autotools.
- Resolves: rhbz#1180289

[1:1.6.0.34-1.13.6.0]
- Update to IcedTea 1.13.6
- Apply pr2125.patch in generate_rhel_zip.sh to remove unwanted elliptic curves.
- Add no_pr2125.patch to avoid repeating the procedure during the IcedTea build.
- Avoid duplicating the OpenJDK build version by making more use of %{openjdkver}.
- Add US_export_policy.jar and local_policy.jar to packages.
- Resolves: rhbz#1180289

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2015-0085.html

Plugin Details

Severity: Low

ID: 81011

File Name: oraclelinux_ELSA-2015-0085.nasl

Version: 1.20

Type: local

Agent: unix

Published: 1/27/2015

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-0408

CVSS v3

Risk Factor: Low

Base Score: 3.4

Temporal Score: 3.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2014-3566

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel, p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc, cpe:/o:oracle:linux:5, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:java-1.6.0-openjdk, p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src, p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/26/2015

Vulnerability Publication Date: 10/15/2014

Reference Information

CVE: CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412

BID: 70574, 72132, 72136, 72140, 72142, 72155, 72162, 72165, 72168, 72169, 72173, 72175

RHSA: 2015:0085