The remote Oracle Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0085 advisory.

    [1:1.6.0.33-1.13.6.1.0.1.el5_11]
    - Add oracle-enterprise.patch

    [1:1.6.0.34-1.13.6.1]
    - Update to latest 1.13.6 release candidate tarball
    - Fixes a number of issues found with b34:
    - * OJ51, PR2187: Sync patch for 4873188 with 7 version
    - * OJ52, PR2185: Application of 6786276 introduces compatibility issue
    - * OJ53, PR2181: strict-aliasing warnings issued on PPC32
    - * OJ54, PR2182: 6911104 reintroduces test fragment removed in existing 6964018 backport
    - * S6730740, PR2186: Fix for 6729881 has apparently broken several 64 bit tests: 'Bad address'
    - * S7031830, PR2183: bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine
    - Also includes PR2180, so patch dropped from RPM.
    - Resolves: rhbz#1180289

    [1:1.6.0.34-1.13.6.0]
    - Apply pr2180.patch to work around issue with older autotools.
    - Resolves: rhbz#1180289

    [1:1.6.0.34-1.13.6.0]
    - Update to IcedTea 1.13.6
    - Apply pr2125.patch in generate_rhel_zip.sh to remove unwanted elliptic curves.
    - Add no_pr2125.patch to avoid repeating the procedure during the IcedTea build.
    - Avoid duplicating the OpenJDK build version by making more use of %{openjdkver}.
    - Add US_export_policy.jar and local_policy.jar to packages.
    - Resolves: rhbz#1180289

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2015-0085)

low Nessus Plugin ID 81011

Version 1.20