Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2012-136.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-2012-136)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
JSON

update to version 1.11.1 to fix several security issues :

  • S7082299, CVE-2011-3571: Fix in AtomicReferenceArray

  • S7088367, CVE-2011-3563: Fix issues in java sound

  • S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method

  • S7110687, CVE-2012-0503: Issues with TimeZone class

  • S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass

  • S7110704, CVE-2012-0506: Issues with some method in corba

  • S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object

  • S7118283, CVE-2012-0501: Better input parameter checking in zip file processing

  • S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-136.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(74558);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2011-3563", "CVE-2011-3571", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506");

  script_name(english:"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-2012-136)");
  script_summary(english:"Check for the openSUSE-2012-136 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"update to version 1.11.1 to fix several security issues :

  - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray

  - S7088367, CVE-2011-3563: Fix issues in java sound

  - S7110683, CVE-2012-0502: Issues with some
    KeyboardFocusManager method

  - S7110687, CVE-2012-0503: Issues with TimeZone class

  - S7110700, CVE-2012-0505: Enhance exception throwing
    mechanism in ObjectStreamClass

  - S7110704, CVE-2012-0506: Issues with some method in
    corba

  - S7112642, CVE-2012-0497: Incorrect checking for graphics
    rendering object

  - S7118283, CVE-2012-0501: Better input parameter checking
    in zip file processing

  - S7126960, CVE-2011-5035: (httpserver) Add property to
    limit number of request headers to the HTTP Server"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=747208"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected java-1_6_0-openjdk packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.1", reference:"java-1_6_0-openjdk-1.6.0.0_b24.1.11.1-3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"java-1_6_0-openjdk-debuginfo-1.6.0.0_b24.1.11.1-3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"java-1_6_0-openjdk-debugsource-1.6.0.0_b24.1.11.1-3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.1-3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b24.1.11.1-3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.1-3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b24.1.11.1-3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"java-1_6_0-openjdk-javadoc-1.6.0.0_b24.1.11.1-3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"java-1_6_0-openjdk-src-1.6.0.0_b24.1.11.1-3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-openjdk / java-1_6_0-openjdk-debuginfo / etc");
}
VendorProductVersionCPE
novellopensusejava-1_6_0-openjdkp-cpe:/a:novell:opensuse:java-1_6_0-openjdk
novellopensusejava-1_6_0-openjdk-debuginfop-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debuginfo
novellopensusejava-1_6_0-openjdk-debugsourcep-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debugsource
novellopensusejava-1_6_0-openjdk-demop-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo
novellopensusejava-1_6_0-openjdk-demo-debuginfop-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo-debuginfo
novellopensusejava-1_6_0-openjdk-develp-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel
novellopensusejava-1_6_0-openjdk-devel-debuginfop-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel-debuginfo
novellopensusejava-1_6_0-openjdk-javadocp-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc
novellopensusejava-1_6_0-openjdk-srcp-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src
novellopensuse12.1cpe:/o:novell:opensuse:12.1

Related

nessus 43
openvas 64
suse 7
amazon 1
fedora 14
oraclelinux 2
redhat 7
centos 1
ubuntu 2
osv 1
debian 1
veracode 12
ibm 4
prion 10
securityvulns 1
cve 10
cisa 1
debiancve 1
ubuntucve 10
checkpoint_advisories 2
seebug 2
threatpost 1
attackerkb 1
symantec 1
nessus
nessus
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 (20120221)
2012-08-01 00:00:00
Fedora 16 : java-1.7.0-openjdk-1.7.0.3-2.1.fc16 (2012-1690)
2012-02-16 00:00:00
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:0309-1)
2014-06-13 00:00:00
openvas
openvas
RedHat Update for java-1.6.0-openjdk RHSA-2012:0322-01
2012-02-27 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2012:0135-01
2012-07-09 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2012:0322-01
2012-02-27 00:00:00
suse
suse
java-1_6_0-openjdk: Update to iced tea 1.11.1 b24 security release (important)
2012-02-27 21:08:27
Security update for Java 1.6.0 (important)
2012-02-27 21:08:20
Security update for IBM Java (important)
2012-06-13 20:08:24
amazon
amazon
Critical: java-1.6.0-openjdk
2012-02-15 17:12:00
fedora
fedora
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.3-2.1.fc17
2012-02-28 10:45:39
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-68.1.11.5.fc16
2012-10-18 00:30:15
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-68.1.11.4.fc16
2012-09-19 03:03:35
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2012-02-28 00:00:00
java-1.6.0-openjdk security update
2012-02-15 00:00:00
redhat
redhat
(RHSA-2012:0135) Critical: java-1.6.0-openjdk security update
2012-02-14 00:00:00
(RHSA-2012:0322) Important: java-1.6.0-openjdk security update
2012-02-21 00:00:00
(RHSA-2012:0702) Critical: java-1.4.2-ibm security update
2012-05-30 00:00:00
centos
centos
java security update
2012-02-15 10:26:37
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2012-02-24 00:00:00
OpenJDK 6 (ARM) vulnerabilities
2012-03-01 00:00:00
osv
osv
openjdk-6 - several
2012-02-28 00:00:00
debian
debian
[SECURITY] [DSA 2420-1] openjdk-6 security update
2012-02-28 20:11:47
veracode
veracode
Memory Corruption
2019-05-02 04:41:04
Memory Corruption
2019-05-02 04:41:05
Memory Corruption
2019-05-02 04:41:05
ibm
ibm
Potential Security Vulnerabilities With JavaTM SDKs
2018-06-17 14:05:25
Security Bulletin: Unspecified Vulnerabilities in Rational Synergy (CVE-2012-0502,CVE-2012-0503,CVE-2012-0506,CVE-2012-0507,CVE-2011-3563,CVE-2012-0500,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0505,CVE-2011-5035)
2020-12-22 17:41:28
Security Bulletin: Tivoli Storage Productivity Center - Oracle CPU February 2012, June 2012
2022-08-19 18:23:31
prion
prion
Buffer overflow
2011-12-30 01:55:00
Design/Logic Flaw
2012-02-15 22:55:00
Design/Logic Flaw
2012-02-15 22:55:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2012-08-20 00:00:00
cve
cve
CVE-2011-5035
2011-12-30 01:55:00
CVE-2012-0506
2012-02-15 22:55:00
CVE-2012-0497
2012-02-15 22:55:00
cisa
cisa
Apple Update for Java for OS X Lion and Mac OS X
2012-04-04 00:00:00
debiancve
debiancve
CVE-2011-5035
2011-12-30 01:55:00
ubuntucve
ubuntucve
CVE-2011-5035
2011-12-29 00:00:00
CVE-2012-0497
2012-02-15 00:00:00
CVE-2012-0501
2012-02-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java zip_util readCEN Stack Overflow (CVE-2012-0501)
2012-05-14 00:00:00
Oracle Java Runtime Environment Sandbox Breach (CVE-2012-0505)
2012-04-16 00:00:00
seebug
seebug
Oracle Java SE JRE 2D子组件远程安全漏洞(CVE-2012-0497)
2012-02-16 00:00:00
IBM Rational AppScan 8.x/7.x 多个安全漏洞
2012-06-16 00:00:00
threatpost
threatpost
Mozilla Adds Older Java Versions to Firefox Blocklist
2012-04-03 13:25:06
attackerkb
attackerkb
CVE-2012-0507
2012-06-07 00:00:00
symantec
symantec
Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability
2012-02-14 00:00:00
JSON
Related for OPENSUSE-2012-136.NASL
nessus43openvas64suse7amazon1fedora14oraclelinux2redhat7centos1ubuntu2osv1debian1veracode12ibm4prion10securityvulns1cve10cisa1debiancve1ubuntucve10checkpoint_advisories2seebug2threatpost1attackerkb1symantec1