Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2013-0165)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123748

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2013-0165)

Resumen: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ELSA-2013-0165 advisory.

Descripción: Summary:
The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ELSA-2013-0165 advisory.

Vulnerability Insight:
[1.7.0.9-2.3.4.1.0.1.el6_3]
- Update DISTRO_NAME in specfile

[1.7.0.9-2.3.4.1.el6]
- Rewerted to IcedTea 2.3.4
- rewerted patch105: java-1.7.0-openjdk-disable-system-lcms.patch
- removed jxmd and idlj to alternatives
- make NOT executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true
- re-applied patch302 and restored systemtap.patch
- buildver set to 9
- icedtea_version set to 2.3.4
- unapplied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch
- restored tmp-patches source tarball
- removed /lib/security/US_export_policy.jar and lib/security/local_policy.jar
- java-1.7.0-openjdk-java-access-bridge-security.patch's path moved from
java.security-linux back to java.security
- Resolves: rhbz#895033

[1.7.0.11-2.4.0.1.el6]
- Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch
- Added jxmd and idlj to alternatives
- make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true
- Unapplied patch302 and deleted systemtap.patch
- buildver increased to 11
- icedtea_version set to 2.4.0
- Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch
- removed tmp-patches source tarball
- Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar
- Resolves: rhbz#895033

Affected Software/OS:
'java-1.7.0-openjdk' package(s) on Oracle Linux 5, Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3174
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/
RedHat Security Advisories: RHSA-2013:0156
http://rhn.redhat.com/errata/RHSA-2013-0156.html
RedHat Security Advisories: RHSA-2013:0165
http://rhn.redhat.com/errata/RHSA-2013-0165.html
SuSE Security Announcement: openSUSE-SU-2013:0199 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html
http://www.ubuntu.com/usn/USN-1693-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0422
Bugtraq: 20130110 [SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code (Google Search)
http://seclists.org/bugtraq/2013/Jan/48
Cert/CC Advisory: TA13-010A
http://www.us-cert.gov/cas/techalerts/TA13-010A.html
CERT/CC vulnerability note: VU#625617
http://www.kb.cert.org/vuls/id/625617
http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf
https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123748
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2013-0165)
Resumen:	The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ELSA-2013-0165 advisory.
Descripción:	Summary: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ELSA-2013-0165 advisory. Vulnerability Insight: [1.7.0.9-2.3.4.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.4.1.el6] - Rewerted to IcedTea 2.3.4 - rewerted patch105: java-1.7.0-openjdk-disable-system-lcms.patch - removed jxmd and idlj to alternatives - make NOT executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - re-applied patch302 and restored systemtap.patch - buildver set to 9 - icedtea_version set to 2.3.4 - unapplied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - restored tmp-patches source tarball - removed /lib/security/US_export_policy.jar and lib/security/local_policy.jar - java-1.7.0-openjdk-java-access-bridge-security.patch's path moved from java.security-linux back to java.security - Resolves: rhbz#895033 [1.7.0.11-2.4.0.1.el6] - Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch - Added jxmd and idlj to alternatives - make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - Unapplied patch302 and deleted systemtap.patch - buildver increased to 11 - icedtea_version set to 2.4.0 - Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - removed tmp-patches source tarball - Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar - Resolves: rhbz#895033 Affected Software/OS: 'java-1.7.0-openjdk' package(s) on Oracle Linux 5, Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3174 http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/ RedHat Security Advisories: RHSA-2013:0156 http://rhn.redhat.com/errata/RHSA-2013-0156.html RedHat Security Advisories: RHSA-2013:0165 http://rhn.redhat.com/errata/RHSA-2013-0165.html SuSE Security Announcement: openSUSE-SU-2013:0199 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html http://www.ubuntu.com/usn/USN-1693-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-0422 Bugtraq: 20130110 [SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code (Google Search) http://seclists.org/bugtraq/2013/Jan/48 Cert/CC Advisory: TA13-010A http://www.us-cert.gov/cas/techalerts/TA13-010A.html CERT/CC vulnerability note: VU#625617 http://www.kb.cert.org/vuls/id/625617 http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/ http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/ http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013 https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us
Copyright	Copyright (C) 2015 Greenbone AG