Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.
A flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service.
(CVE-2006-2426)
A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581)
Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)
A NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793)
A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint.
(CVE-2009-1101)
A flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093)
A flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094)
Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096)
A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet.
(CVE-2009-1102)
A buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097)
A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098)
Note: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the ‘appletviewer’ application.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2009:0377. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(36111);
script_version("1.33");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102");
script_bugtraq_id(34185, 34240);
script_xref(name:"RHSA", value:"2009:0377");
script_name(english:"RHEL 5 : java-1.6.0-openjdk (RHSA-2009:0377)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated java-1.6.0-openjdk packages that fix several security issues
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications
written using the Java programming language.
A flaw was found in the way that the Java Virtual Machine (JVM)
handled temporary font files. A malicious applet could use this flaw
to use large amounts of disk space, causing a denial of service.
(CVE-2006-2426)
A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An
application using color profiles could use excessive amounts of
memory, and possibly crash after using all available memory, if used
to open specially crafted images. (CVE-2009-0581)
Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws,
were found in the way LittleCMS handled color profiles. An attacker
could use these flaws to create a specially crafted image file which
could cause a Java application to crash or, possibly, execute
arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)
A NULL pointer dereference flaw was found in LittleCMS. An application
using color profiles could crash while converting a specially crafted
image file. (CVE-2009-0793)
A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
handling could allow a remote attacker to cause a denial of service on
the server application hosting the JAX-WS service endpoint.
(CVE-2009-1101)
A flaw in the way the Java Runtime Environment initialized LDAP
connections could allow a remote, authenticated user to cause a denial
of service on the LDAP service. (CVE-2009-1093)
A flaw in the Java Runtime Environment LDAP client could allow
malicious data from an LDAP server to cause arbitrary code to be
loaded and then run on an LDAP client. (CVE-2009-1094)
Several buffer overflow flaws were found in the Java Runtime
Environment unpack200 functionality. An untrusted applet could extend
its privileges, allowing it to read and write local files, as well as
to execute local applications with the privileges of the user running
the applet. (CVE-2009-1095, CVE-2009-1096)
A flaw in the Java Runtime Environment Virtual Machine code generation
functionality could allow untrusted applets to extend their
privileges. An untrusted applet could extend its privileges, allowing
it to read and write local files, as well as execute local
applications with the privileges of the user running the applet.
(CVE-2009-1102)
A buffer overflow flaw was found in the splash screen processing. A
remote attacker could extend privileges to read and write local files,
as well as to execute local applications with the privileges of the
user running the java process. (CVE-2009-1097)
A buffer overflow flaw was found in how GIF images were processed. A
remote attacker could extend privileges to read and write local files,
as well as execute local applications with the privileges of the user
running the java process. (CVE-2009-1098)
Note: The flaws concerning applets in this advisory, CVE-2009-1095,
CVE-2009-1096, and CVE-2009-1102, can only be triggered in
java-1.6.0-openjdk by calling the 'appletviewer' application.
All users of java-1.6.0-openjdk are advised to upgrade to these
updated packages, which resolve these issues. All running instances of
OpenJDK Java must be restarted for the update to take effect."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2006-2426"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-0581"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-0723"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-0733"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-0793"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1093"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1094"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1095"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1096"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1097"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1098"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1101"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1102"
);
# http://blogs.sun.com/security/entry/advance_notification_of_security_updates4
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?025abcaa"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2009:0377"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(16, 20, 94, 119, 189, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3");
script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/17");
script_set_attribute(attribute:"patch_publication_date", value:"2009/04/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/08");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2009:0377";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-1.6.0.0-0.30.b09.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-1.6.0.0-0.30.b09.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.el5")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc");
}
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | java-1.6.0-openjdk | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk |
redhat | enterprise_linux | java-1.6.0-openjdk-demo | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo |
redhat | enterprise_linux | java-1.6.0-openjdk-devel | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel |
redhat | enterprise_linux | java-1.6.0-openjdk-javadoc | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc |
redhat | enterprise_linux | java-1.6.0-openjdk-src | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src |
redhat | enterprise_linux | 5 | cpe:/o:redhat:enterprise_linux:5 |
redhat | enterprise_linux | 5.3 | cpe:/o:redhat:enterprise_linux:5.3 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2426
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0793
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102
www.nessus.org/u?025abcaa
access.redhat.com/errata/RHSA-2009:0377
access.redhat.com/security/cve/cve-2006-2426
access.redhat.com/security/cve/cve-2009-0581
access.redhat.com/security/cve/cve-2009-0723
access.redhat.com/security/cve/cve-2009-0733
access.redhat.com/security/cve/cve-2009-0793
access.redhat.com/security/cve/cve-2009-1093
access.redhat.com/security/cve/cve-2009-1094
access.redhat.com/security/cve/cve-2009-1095
access.redhat.com/security/cve/cve-2009-1096
access.redhat.com/security/cve/cve-2009-1097
access.redhat.com/security/cve/cve-2009-1098
access.redhat.com/security/cve/cve-2009-1101
access.redhat.com/security/cve/cve-2009-1102