RedHat Security Advisory RHSA-2009:0377

The remote host must update the OpenJDK 6 Java Runtime Environment and Software Development Kit due to security issue

Reporter	Title	Published	Views	Family All 387
Tenable Nessus	CentOS 5 : java-1.6.0-openjdk (CESA-2009:0377)	6 Jan 201000:00	–	nessus
Tenable Nessus	Debian DSA-1745-1 : lcms - several vulnerabilities	20 Mar 200900:00	–	nessus
Tenable Nessus	Debian DSA-1769-1 : openjdk-6 - several vulnerabilities	13 Apr 200900:00	–	nessus
Tenable Nessus	Fedora 10 : lcms-1.18-1.fc10 (2009-2903)	23 Apr 200900:00	–	nessus
Tenable Nessus	Fedora 9 : lcms-1.18-0.1.beta2.fc9 (2009-2910)	24 Mar 200900:00	–	nessus
Tenable Nessus	Fedora 9 : lcms-1.18-1.fc9 (2009-2928)	24 Mar 200900:00	–	nessus
Tenable Nessus	Fedora 10 : lcms-1.18-0.1.beta2.fc10 (2009-2970)	23 Apr 200900:00	–	nessus
Tenable Nessus	Fedora 10 : java-1.6.0-openjdk-1.6.0.0-11.b14.fc10 (2009-2982)	23 Apr 200900:00	–	nessus
Tenable Nessus	Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.21.b09.fc9 (2009-2983)	24 Mar 200900:00	–	nessus
Tenable Nessus	Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9 (2009-3034)	27 Mar 200900:00	–	nessus

Source	Link
blogs	www.blogs.sun.com/security/entry/advance_notification_of_security_updates4
rhn	www.rhn.redhat.com/errata/RHSA-2009-0377.html
redhat	www.redhat.com/security/updates/classification/

# OpenVAS Vulnerability Test
# $Id: RHSA_2009_0377.nasl 6683 2017-07-12 09:41:57Z cfischer $
# Description: Auto-generated from advisory RHSA-2009:0377 ()
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_summary = "The remote host is missing updates announced in
advisory RHSA-2009:0377.

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications written
using the Java programming language.

For details on the issues addressed in this update, please visit
the referenced security advisories.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.";

tag_solution = "Please note that this update is available via
Red Hat Network.  To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date";



if(description)
{
 script_id(63758);
 script_version("$Revision: 6683 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $");
 script_tag(name:"creation_date", value:"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)");
 script_cve_id("CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102");
 script_tag(name:"cvss_base", value:"10.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_name("RedHat Security Advisory RHSA-2009:0377");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
 script_family("Red Hat Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 script_xref(name : "URL" , value : "http://rhn.redhat.com/errata/RHSA-2009-0377.html");
 script_xref(name : "URL" , value : "http://www.redhat.com/security/updates/classification/#important");
 script_xref(name : "URL" , value : "http://blogs.sun.com/security/entry/advance_notification_of_security_updates4");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-rpm.inc");

res = "";
report = "";
if ((res = isrpmvuln(pkg:"java-1.6.0-openjdk", rpm:"java-1.6.0-openjdk~1.6.0.0~0.30.b09.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-openjdk-debuginfo", rpm:"java-1.6.0-openjdk-debuginfo~1.6.0.0~0.30.b09.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-openjdk-demo", rpm:"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-openjdk-devel", rpm:"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-openjdk-javadoc", rpm:"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-openjdk-src", rpm:"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

12 Jul 2017 00:00Current

0.6Low risk

Vulners AI Score0.6

EPSS0.29364