Mandrake Local Security Checks : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:170 (java-1.6.0-openjdk)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.831493
Category:	Mandrake Local Security Checks
Title:	Mandriva Update for java-1.6.0-openjdk MDVSA-2011:170 (java-1.6.0-openjdk)
Summary:	The remote host is missing an update for the 'java-1.6.0-openjdk'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'java-1.6.0-openjdk' package(s) announced via the referenced advisory. Vulnerability Insight: Security issues were identified and fixed in openjdk (icedtea6) and icedtea-web: IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking (CVE-2011-3547). IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT (CVE-2011-3548). IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-3551). IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity via unknown vectors related to Networking (CVE-2011-3552). IcedTea6 prior to 1.10.4 allows remote authenticated users to affect confidentiality, related to JAXWS (CVE-2011-3553). IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting (CVE-2011-3544). IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization (CVE-2011-3521). IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors (CVE-2011-3554). A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection (CVE-2011-3389). Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag -Djsse.enableCBCProtection=false to the java command. IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Hot ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: java-1.6.0-openjdk on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3547 BugTraq ID: 50243 http://www.securityfocus.com/bid/50243 http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBMU02797 http://marc.info/?l=bugtraq&m=134254957702612&w=2 HPdes Security Advisory: HPSBMU02799 http://marc.info/?l=bugtraq&m=134254866602253&w=2 HPdes Security Advisory: HPSBUX02730 http://marc.info/?l=bugtraq&m=132750579901589&w=2 HPdes Security Advisory: HPSBUX02760 http://marc.info/?l=bugtraq&m=133365109612558&w=2 HPdes Security Advisory: HPSBUX02777 http://marc.info/?l=bugtraq&m=133728004526190&w=2 HPdes Security Advisory: SSRT100710 HPdes Security Advisory: SSRT100805 HPdes Security Advisory: SSRT100854 HPdes Security Advisory: SSRT100867 http://osvdb.org/76511 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14339 http://www.redhat.com/support/errata/RHSA-2011-1384.html http://www.redhat.com/support/errata/RHSA-2011-1478.html http://www.redhat.com/support/errata/RHSA-2012-0006.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://www.securitytracker.com/id?1026215 http://secunia.com/advisories/48308 http://secunia.com/advisories/48692 http://secunia.com/advisories/49198 SuSE Security Announcement: SUSE-SU-2012:0114 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html SuSE Security Announcement: SUSE-SU-2012:0122 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html http://www.ubuntu.com/usn/USN-1263-1 XForce ISS Database: jre-networking-info-disclosure(70846) https://exchange.xforce.ibmcloud.com/vulnerabilities/70846 Common Vulnerability Exposure (CVE) ID: CVE-2011-3548 BugTraq ID: 50211 http://www.securityfocus.com/bid/50211 http://osvdb.org/76495 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14492 XForce ISS Database: jre-awt-unspecified(70845) https://exchange.xforce.ibmcloud.com/vulnerabilities/70845 Common Vulnerability Exposure (CVE) ID: CVE-2011-3551 BugTraq ID: 50224 http://www.securityfocus.com/bid/50224 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14318 XForce ISS Database: oracle-jre-2d-unspecified(70842) https://exchange.xforce.ibmcloud.com/vulnerabilities/70842 Common Vulnerability Exposure (CVE) ID: CVE-2011-3552 BugTraq ID: 50248 http://www.securityfocus.com/bid/50248 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14465 XForce ISS Database: oracle-jre-networking-unspecified(70841) https://exchange.xforce.ibmcloud.com/vulnerabilities/70841 Common Vulnerability Exposure (CVE) ID: CVE-2011-3553 BugTraq ID: 50246 http://www.securityfocus.com/bid/50246 http://osvdb.org/76512 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14311 XForce ISS Database: oracle-jre-jaxws-info-disc(70840) https://exchange.xforce.ibmcloud.com/vulnerabilities/70840 Common Vulnerability Exposure (CVE) ID: CVE-2011-3544 BugTraq ID: 50218 http://www.securityfocus.com/bid/50218 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947 XForce ISS Database: oracle-jre-scripting-unspecified(70849) https://exchange.xforce.ibmcloud.com/vulnerabilities/70849 Common Vulnerability Exposure (CVE) ID: CVE-2011-3521 BugTraq ID: 50215 http://www.securityfocus.com/bid/50215 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13662 XForce ISS Database: oracle-jre-deserialization-unspecified(70850) https://exchange.xforce.ibmcloud.com/vulnerabilities/70850 Common Vulnerability Exposure (CVE) ID: CVE-2011-3554 BugTraq ID: 50216 http://www.securityfocus.com/bid/50216 http://osvdb.org/76498 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14524 XForce ISS Database: oracle-java-jre-unspecified(70839) https://exchange.xforce.ibmcloud.com/vulnerabilities/70839 Common Vulnerability Exposure (CVE) ID: CVE-2011-3389 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html BugTraq ID: 49388 http://www.securityfocus.com/bid/49388 BugTraq ID: 49778 http://www.securityfocus.com/bid/49778 Cert/CC Advisory: TA12-010A http://www.us-cert.gov/cas/techalerts/TA12-010A.html CERT/CC vulnerability note: VU#864643 http://www.kb.cert.org/vuls/id/864643 Debian Security Information: DSA-2398 (Google Search) http://www.debian.org/security/2012/dsa-2398 http://security.gentoo.org/glsa/glsa-201203-02.xml HPdes Security Advisory: HPSBMU02742 http://marc.info/?l=bugtraq&m=132872385320240&w=2 HPdes Security Advisory: HPSBMU02900 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 HPdes Security Advisory: SSRT100740 http://www.mandriva.com/security/advisories?name=MDVSA-2012:058 http://ekoparty.org/2011/juliano-rizzo.php http://eprint.iacr.org/2004/111 http://eprint.iacr.org/2006/136 http://isc.sans.edu/diary/SSL+TLS+part+3+/11635 http://vnhacker.blogspot.com/2011/09/beast.html http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html http://www.insecure.cl/Beast-SSL.rar https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 Microsoft Security Bulletin: MS12-006 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006 http://osvdb.org/74829 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752 RedHat Security Advisories: RHSA-2012:0508 http://rhn.redhat.com/errata/RHSA-2012-0508.html http://www.securitytracker.com/id?1025997 http://www.securitytracker.com/id?1026103 http://www.securitytracker.com/id?1026704 http://www.securitytracker.com/id/1029190 http://secunia.com/advisories/45791 http://secunia.com/advisories/47998 http://secunia.com/advisories/48256 http://secunia.com/advisories/48915 http://secunia.com/advisories/48948 http://secunia.com/advisories/55322 http://secunia.com/advisories/55350 http://secunia.com/advisories/55351 SuSE Security Announcement: SUSE-SU-2012:0602 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html SuSE Security Announcement: openSUSE-SU-2012:0030 (Google Search) https://hermes.opensuse.org/messages/13154861 SuSE Security Announcement: openSUSE-SU-2012:0063 (Google Search) https://hermes.opensuse.org/messages/13155432 SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html Common Vulnerability Exposure (CVE) ID: CVE-2011-3558 BugTraq ID: 50242 http://www.securityfocus.com/bid/50242 http://osvdb.org/76510 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13475 XForce ISS Database: oracle-java-hotspot-info-disc(70835) https://exchange.xforce.ibmcloud.com/vulnerabilities/70835 Common Vulnerability Exposure (CVE) ID: CVE-2011-3556 BugTraq ID: 50231 http://www.securityfocus.com/bid/50231 CERT/CC vulnerability note: VU#597809 https://www.kb.cert.org/vuls/id/597809 http://osvdb.org/76505 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14316 XForce ISS Database: jre-rmi-unspecified(70837) https://exchange.xforce.ibmcloud.com/vulnerabilities/70837 Common Vulnerability Exposure (CVE) ID: CVE-2011-3557 BugTraq ID: 50234 http://www.securityfocus.com/bid/50234 http://osvdb.org/76506 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14373 XForce ISS Database: oracle-jre-rmi-unspecified(70836) https://exchange.xforce.ibmcloud.com/vulnerabilities/70836 Common Vulnerability Exposure (CVE) ID: CVE-2011-3560 BugTraq ID: 50236 http://www.securityfocus.com/bid/50236 http://osvdb.org/76507 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14394 XForce ISS Database: oracle-jre-jsse-unspecified(70834) https://exchange.xforce.ibmcloud.com/vulnerabilities/70834 Common Vulnerability Exposure (CVE) ID: CVE-2011-3377 BugTraq ID: 50610 http://www.securityfocus.com/bid/50610 Debian Security Information: DSA-2420 (Google Search) http://www.debian.org/security/2012/dsa-2420 https://bugzilla.redhat.com/show_bug.cgi?id=742515 http://www.osvdb.org/76940 RedHat Security Advisories: RHSA-2011:1441 http://rhn.redhat.com/errata/RHSA-2011-1441.html SuSE Security Announcement: openSUSE-SU-2012:0371 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html
Copyright	Copyright (C) 2011 Greenbone Networks GmbH