Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-2224-1:ECD2A
HistoryApr 20, 2011 - 8:19 p.m.

[SECURITY] [DSA 2224-1] openjdk-6 security update

2011-04-2020:19:48
lists.debian.org
39

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.5%

JSON

Debian Security Advisory DSA-2224-1 [email protected]
http://www.debian.org/security/ Florian Weimer
April 20, 2011 http://www.debian.org/security/faq

Package : openjdk-6
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-4351 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465
CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472
CVE-2011-0025 CVE-2011-0706

Several security vulnerabilities were discovered in OpenJDK, an
implementation of the Java platform.

CVE-2010-4351
The JNLP SecurityManager returns from the checkPermission method
instead of throwing an exception in certain circumstances, which
might allow context-dependent attackers to bypass the intended
security policy by creating instances of ClassLoader.

CVE-2010-4448
Malicious applets can perform DNS cache poisoning.

CVE-2010-4450
An empty (but set) LD_LIBRARY_PATH environment variable results in
a misconstructed library search path, resulting in code execution
from possibly untrusted sources.

CVE-2010-4465
Malicious applets can extend their privileges by abusing Swing
timers.

CVE-2010-4469
The Hotspot just-in-time compiler miscompiles crafted byte
sequences, resulting in heap corruption.

CVE-2010-4470
JAXP can be exploited by untrusted code to elevate privileges.

CVE-2010-4471
Java2D can be exploited by untrusted code to elevate privileges.

CVE-2010-4472
Untrusted code can replace the XML DSIG implementation.

CVE-2011-0025
Signatures on JAR files are not properly verified, which allows
remote attackers to trick users into executing code that appears
to come from a trusted source.

CVE-2011-0706
The JNLPClassLoader class allows remote attackers to gain
privileges via unknown vectors related to multiple signers and the
assignment of "an inappropriate security descriptor

In addition, this security update contains stability fixes, such as
switching to the recommended Hotspot version (hs14) for this
particular version of OpenJDK.

For the oldstable distribution (lenny), these problems have been fixed in
version 6b18-1.8.7-2~lenny1.

For the stable distribution (squeeze), these problems have been fixed in
version 6b18-1.8.7-2~squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 1.8.7-1.

We recommend that you upgrade your openjdk-6 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6powerpcopenjdk-6-jre< 6b18-1.8.7-2~squeeze1openjdk-6-jre_6b18-1.8.7-2~squeeze1_powerpc.deb
Debian5sparcopenjdk-6-dbg< 6b18-1.8.7-2~lenny1openjdk-6-dbg_6b18-1.8.7-2~lenny1_sparc.deb
Debian5mipsopenjdk-6-jre-headless< 6b18-1.8.7-2~lenny1openjdk-6-jre-headless_6b18-1.8.7-2~lenny1_mips.deb
Debian6amd64icedtea-6-jre-cacao< 6b18-1.8.7-2~squeeze1icedtea-6-jre-cacao_6b18-1.8.7-2~squeeze1_amd64.deb
Debian6armelopenjdk-6-jre-headless< 6b18-1.8.7-2~squeeze1openjdk-6-jre-headless_6b18-1.8.7-2~squeeze1_armel.deb
Debian5i386openjdk-6-demo< 6b18-1.8.7-2~lenny1openjdk-6-demo_6b18-1.8.7-2~lenny1_i386.deb
Debian6mipsopenjdk-6-dbg< 6b18-1.8.7-2~squeeze1openjdk-6-dbg_6b18-1.8.7-2~squeeze1_mips.deb
Debian6armelopenjdk-6-dbg< 6b18-1.8.7-2~squeeze1openjdk-6-dbg_6b18-1.8.7-2~squeeze1_armel.deb
Debian5mipsopenjdk-6-jre< 6b18-1.8.7-2~lenny1openjdk-6-jre_6b18-1.8.7-2~lenny1_mips.deb
Debian5allopenjdk-6< 6b18-1.8.7-2~lenny1openjdk-6_6b18-1.8.7-2~lenny1_all.deb
Rows per page:
1-10 of 1131

Related

openvas 64
osv 1
nessus 52
fedora 10
ubuntu 5
centos 2
oraclelinux 2
redhat 8
securityvulns 5
suse 4
cve 10
veracode 8
ubuntucve 10
prion 10
seebug 1
zdi 2
vmware 2
gentoo 2
oracle 1
openvas
openvas
Debian Security Advisory DSA 2224-1 (openjdk-6)
2011-05-12 00:00:00
Debian: Security Advisory (DSA-2224-1)
2011-05-12 00:00:00
Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)
2011-04-01 00:00:00
osv
osv
openjdk-6 - several
2011-04-20 00:00:00
nessus
nessus
Debian DSA-2224-1 : openjdk-6 - several vulnerabilities
2011-04-21 00:00:00
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)
2011-05-05 00:00:00
Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13 (2011-1631)
2011-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13
2011-02-16 19:17:23
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14
2011-02-16 19:20:33
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14
2011-06-11 04:18:13
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2011-03-15 00:00:00
OpenJDK 6 vulnerabilities
2011-03-01 00:00:00
OpenJDK 6 vulnerabilities
2011-03-17 00:00:00
centos
centos
java security update
2011-04-14 14:33:37
java security update
2011-04-14 14:29:15
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2011-02-17 00:00:00
java-1.6.0-openjdk security update
2011-01-25 00:00:00
redhat
redhat
(RHSA-2011:0281) Important: java-1.6.0-openjdk security update
2011-02-17 00:00:00
(RHSA-2011:0282) Critical: java-1.6.0-sun security update
2011-02-17 00:00:00
(RHSA-2011:0364) Critical: java-1.5.0-ibm security update
2011-03-17 00:00:00
securityvulns
securityvulns
IcedTea for Java OpenJDK protection bypass
2011-02-02 00:00:00
[USN-1055-1] OpenJDK vulnerabilities
2011-02-02 00:00:00
Oracle Java multiple security vulnerabilities / OpenJDK
2011-02-17 00:00:00
suse
suse
remote code execution in java-1_6_0-sun
2011-02-22 14:41:11
remote code execution in java-1_4_2-ibm
2011-05-13 13:10:27
Security update for IBM Java 1.4.2 (important)
2011-07-22 05:08:11
cve
cve
CVE-2010-4471
2011-02-17 19:00:00
CVE-2010-4469
2011-02-17 19:00:00
CVE-2010-4472
2011-02-17 19:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:59:50
Denial Of Service (DoS)
2020-04-10 00:57:57
Denial Of Service (DoS)
2020-04-10 00:59:50
ubuntucve
ubuntucve
CVE-2010-4471
2011-02-17 00:00:00
CVE-2010-4469
2011-02-17 00:00:00
CVE-2010-4472
2011-02-17 00:00:00
prion
prion
Design/Logic Flaw
2011-02-17 19:00:00
Design/Logic Flaw
2011-02-17 19:00:00
Design/Logic Flaw
2011-02-17 19:00:00
seebug
seebug
Oracle Java Applet剪贴板注入远程代码执行漏洞
2011-12-01 00:00:00
zdi
zdi
Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability
2011-02-15 00:00:00
Red Hat OpenJDK IcedTea6 ClassLoader Remote Code Execution Vulnerability
2011-01-18 00:00:00
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
oracle
oracle
cpuapr2011
2011-04-19 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.5%

JSON
Related for DEBIAN:DSA-2224-1:ECD2A
openvas64osv1nessus52fedora10ubuntu5centos2oraclelinux2redhat8securityvulns5suse4cve10veracode8ubuntucve10prion10seebug1zdi2vmware2gentoo2oracle1