CentOS Update for java CESA-2013:0273 centos6. OpenJDK 6 update resolving permission check and timing information leakage issues
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | Oracle: Security Advisory (ELSA-2013-0274) | 6 Oct 2015 00:00 | – | openvas |
![]() | RedHat Update for java-1.6.0-openjdk RHSA-2013:0273-01 | 22 Feb 2013 00:00 | – | openvas |
![]() | RedHat Update for java-1.6.0-openjdk RHSA-2013:0274-01 | 22 Feb 2013 00:00 | – | openvas |
![]() | RedHat Update for java-1.6.0-openjdk RHSA-2013:0274-01 | 22 Feb 2013 00:00 | – | openvas |
![]() | CentOS Update for java CESA-2013:0273 centos6 | 22 Feb 2013 00:00 | – | openvas |
![]() | Amazon Linux: Security Advisory (ALAS-2013-163) | 8 Sep 2015 00:00 | – | openvas |
![]() | RedHat Update for java-1.6.0-openjdk RHSA-2013:0273-01 | 22 Feb 2013 00:00 | – | openvas |
![]() | SuSE Update for java-1_6_0-openjdk openSUSE-SU-2013:0375-1 (java-1_6_0-openjdk) | 11 Mar 2013 00:00 | – | openvas |
![]() | Oracle: Security Advisory (ELSA-2013-0273) | 6 Oct 2015 00:00 | – | openvas |
![]() | openSUSE: Security Advisory for java-1_6_0-openjdk (openSUSE-SU-2013:0375-1) | 11 Mar 2013 00:00 | – | openvas |
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# Metadata block: runs only when `description` is set. It registers the
# plugin's identity, references, scoring and prerequisites through the
# script_* calls and then exits without performing any package check.
if(description)
{
script_tag(name:"affected", value:"java on CentOS 6");
script_tag(name:"solution", value:"Please install the updated packages.");
# Advisory text carried as metadata. It names the two issues this update
# addresses: a JMX permission-check flaw (CVE-2013-1486) and a CBC-mode
# TLS/SSL timing leak (CVE-2013-0169).
script_tag(name:"insight", value:"These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.
An improper permission check issue was discovered in the JMX component in
OpenJDK. An untrusted Java application or applet could use this flaw to
bypass Java sandbox restrictions. (CVE-2013-1486)
It was discovered that OpenJDK leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle.
(CVE-2013-0169)
Note: If the web browser plug-in provided by the icedtea-web package was
installed, CVE-2013-1486 could have been exploited without user interaction
if a user visited a malicious website.
This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to
the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.");
script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2013-February/019252.html");
script_oid("1.3.6.1.4.1.25623.1.0.881606");
script_version("2023-07-10T08:07:43+0000");
script_tag(name:"last_modification", value:"2023-07-10 08:07:43 +0000 (Mon, 10 Jul 2023)");
script_tag(name:"creation_date", value:"2013-02-22 10:05:26 +0530 (Fri, 22 Feb 2013)");
script_cve_id("CVE-2013-0169", "CVE-2013-1486");
# One score is recorded for the whole advisory although it covers two CVEs.
# NOTE(review): 10.0 presumably reflects the more severe of the two (the
# sandbox bypass) rather than the TLS timing issue; confirm against the
# individual CVE records before using it for prioritisation.
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
# qod_type "package": the finding rests on the installed package version.
# NOTE(review): a version comparison cannot show whether running JVMs were
# restarted afterwards, which the insight text says is required for the
# update to take effect; verify that separately on hosts that pass.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"CESA", value:"2013:0273");
script_name("CentOS Update for java CESA-2013:0273 centos6");
script_tag(name:"summary", value:"The remote host is missing an update for the 'java'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("CentOS Local Security Checks");
# Prerequisites: gather-package-list.nasl is declared as a dependency, and
# the keys below must be present with the release entry matching CentOS6.
# NOTE(review): presumably those keys are filled in by that dependency after
# an authenticated SSH login, so an unauthenticated scan would not run this
# check at all; confirm against the scan configuration.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS6");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Local package check for CESA-2013:0273. Each java-1.6.0-openjdk package is
# compared against the build named in this script, in a fixed order, and the
# first one that isrpmvuln() flags is reported; the script then stops, so a
# report lists one package even if several are out of date.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS6")
{
  # Version-release suffix shared by every package in this erratum.
  fixed_build = "~1.6.0.0~1.56.1.11.8.el6_3";

  # Order matters only for which package appears in the report.
  pkg_names = make_list("java-1.6.0-openjdk",
                        "java-1.6.0-openjdk-demo",
                        "java-1.6.0-openjdk-devel",
                        "java-1.6.0-openjdk-javadoc",
                        "java-1.6.0-openjdk-src");

  foreach pkg_name (pkg_names)
  {
    res = isrpmvuln(pkg:pkg_name, rpm:pkg_name + fixed_build, rls:"CentOS6");
    if(res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # NOTE(review): __pkg_match is not defined in this file; presumably the
  # included package library sets it when a queried package is installed, so
  # exit(99) would mean "installed and not flagged" while exit(0) would mean
  # "none of the packages present". Confirm in pkg-lib-rpm.inc.
  if(__pkg_match)
    exit(99);
  exit(0);
}