Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-1223)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123832

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2012-1223)

Resumen: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ELSA-2012-1223 advisory.

Descripción: Summary:
The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ELSA-2012-1223 advisory.

Vulnerability Insight:
[1.7.0.5-2.2.1.0.1.el6_3.3]
- Modify DISTRO_NAME for Oracle

[1.7.0.5-2.2.1.el6.3]
- Removed patch 304 java-1.7.0-openjdk-beans-isPackageAccessible.patch
- Applied upstream patches for same issue:
patch 1001 sec-webrevs-openjdk7-29_aug_2012-7162473.patch
patch 1002 sec-webrevs-openjdk7-29_aug_2012-7162476.patch
patch 1003 sec-webrevs-openjdk7-29_aug_2012-7163201.patch
patch 1004 sec-webrevs-openjdk7-29_aug_2012-7194567.patch
patch 1005 sec-webrevs-openjdk7-29_aug_2012-78e01a6ca8d3.patch
- Resolves: rhbz#852299

[1.7.0.5-2.2.1.1.el6]
- Added patch 304 java-1.7.0-openjdk-beans-isPackageAccessible.patch
to fix vulnerability until it is fixed in upstream sources.
- Resolves: rhbz#852299

Affected Software/OS:
'java-1.7.0-openjdk' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-0547
BugTraq ID: 55339
http://www.securityfocus.com/bid/55339
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBUX02824
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03533078
HPdes Security Advisory: HPSBUX02825
http://marc.info/?l=bugtraq&m=135161897205627&w=2
HPdes Security Advisory: SSRT100970
HPdes Security Advisory: SSRT100974
RedHat Security Advisories: RHSA-2012:1222
http://rhn.redhat.com/errata/RHSA-2012-1222.html
RedHat Security Advisories: RHSA-2012:1225
http://rhn.redhat.com/errata/RHSA-2012-1225.html
RedHat Security Advisories: RHSA-2012:1392
http://rhn.redhat.com/errata/RHSA-2012-1392.html
RedHat Security Advisories: RHSA-2012:1466
http://rhn.redhat.com/errata/RHSA-2012-1466.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
RedHat Security Advisories: RHSA-2013:1456
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://secunia.com/advisories/51044
http://secunia.com/advisories/51141
http://secunia.com/advisories/51327
SuSE Security Announcement: SUSE-SU-2012:1148 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00006.html
SuSE Security Announcement: SUSE-SU-2012:1231 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html
SuSE Security Announcement: openSUSE-SU-2012:1175 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00019.html
http://www.ubuntu.com/usn/USN-1553-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-1682
http://marc.info/?l=bugtraq&m=135109152819176&w=2
Common Vulnerability Exposure (CVE) ID: CVE-2012-3136
Common Vulnerability Exposure (CVE) ID: CVE-2012-4681
BugTraq ID: 55213
http://www.securityfocus.com/bid/55213
Cert/CC Advisory: TA12-240A
http://www.us-cert.gov/cas/techalerts/TA12-240A.html
http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html
http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/
http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html
https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day
SuSE Security Announcement: SUSE-SU-2012:1398 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123832
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2012-1223)
Resumen:	The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ELSA-2012-1223 advisory.
Descripción:	Summary: The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ELSA-2012-1223 advisory. Vulnerability Insight: [1.7.0.5-2.2.1.0.1.el6_3.3] - Modify DISTRO_NAME for Oracle [1.7.0.5-2.2.1.el6.3] - Removed patch 304 java-1.7.0-openjdk-beans-isPackageAccessible.patch - Applied upstream patches for same issue: patch 1001 sec-webrevs-openjdk7-29_aug_2012-7162473.patch patch 1002 sec-webrevs-openjdk7-29_aug_2012-7162476.patch patch 1003 sec-webrevs-openjdk7-29_aug_2012-7163201.patch patch 1004 sec-webrevs-openjdk7-29_aug_2012-7194567.patch patch 1005 sec-webrevs-openjdk7-29_aug_2012-78e01a6ca8d3.patch - Resolves: rhbz#852299 [1.7.0.5-2.2.1.1.el6] - Added patch 304 java-1.7.0-openjdk-beans-isPackageAccessible.patch to fix vulnerability until it is fixed in upstream sources. - Resolves: rhbz#852299 Affected Software/OS: 'java-1.7.0-openjdk' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0547 BugTraq ID: 55339 http://www.securityfocus.com/bid/55339 http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBUX02824 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03533078 HPdes Security Advisory: HPSBUX02825 http://marc.info/?l=bugtraq&m=135161897205627&w=2 HPdes Security Advisory: SSRT100970 HPdes Security Advisory: SSRT100974 RedHat Security Advisories: RHSA-2012:1222 http://rhn.redhat.com/errata/RHSA-2012-1222.html RedHat Security Advisories: RHSA-2012:1225 http://rhn.redhat.com/errata/RHSA-2012-1225.html RedHat Security Advisories: RHSA-2012:1392 http://rhn.redhat.com/errata/RHSA-2012-1392.html RedHat Security Advisories: RHSA-2012:1466 http://rhn.redhat.com/errata/RHSA-2012-1466.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html RedHat Security Advisories: RHSA-2013:1456 http://rhn.redhat.com/errata/RHSA-2013-1456.html http://secunia.com/advisories/51044 http://secunia.com/advisories/51141 http://secunia.com/advisories/51327 SuSE Security Announcement: SUSE-SU-2012:1148 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00006.html SuSE Security Announcement: SUSE-SU-2012:1231 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html SuSE Security Announcement: openSUSE-SU-2012:1175 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00019.html http://www.ubuntu.com/usn/USN-1553-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-1682 http://marc.info/?l=bugtraq&m=135109152819176&w=2 Common Vulnerability Exposure (CVE) ID: CVE-2012-3136 Common Vulnerability Exposure (CVE) ID: CVE-2012-4681 BugTraq ID: 55213 http://www.securityfocus.com/bid/55213 Cert/CC Advisory: TA12-240A http://www.us-cert.gov/cas/techalerts/TA12-240A.html http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/ http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day SuSE Security Announcement: SUSE-SU-2012:1398 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
Copyright	Copyright (C) 2015 Greenbone AG