Ubuntu Update for openjdk-6 USN-2124-2. Fixes vulnerabilities in OpenJDK 6 including data exposure and denial of service issues
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
Ubuntu | OpenJDK 6 vulnerabilities | 27 Feb 201400:00 | – | ubuntu |
Ubuntu | OpenJDK 6 regression | 8 Apr 201400:00 | – | ubuntu |
Ubuntu | OpenJDK 7 vulnerabilities | 23 Jan 201400:00 | – | ubuntu |
Tenable Nessus | Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-283) | 5 Feb 201400:00 | – | nessus |
Tenable Nessus | Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20140127) | 28 Jan 201400:00 | – | nessus |
Tenable Nessus | Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 regression (USN-2124-2) | 8 Apr 201400:00 | – | nessus |
Tenable Nessus | Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2124-1) | 28 Feb 201400:00 | – | nessus |
Tenable Nessus | Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2014-0097) | 28 Jan 201400:00 | – | nessus |
Tenable Nessus | Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2014-0026) | 16 Jan 201400:00 | – | nessus |
Tenable Nessus | CentOS 6 : java-1.7.0-openjdk (CESA-2014:0026) | 16 Jan 201400:00 | – | nessus |
Source | Link |
---|---|
ubuntu | www.ubuntu.com/usn/usn-2124-2/ |
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_2124_2.nasl 7957 2017-12-01 06:40:08Z santu $
#
# Ubuntu Update for openjdk-6 USN-2124-2
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
if(description)
{
script_id(841768);
script_version("$Revision: 7957 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $");
script_tag(name:"creation_date", value:"2014-04-08 11:46:00 +0530 (Tue, 08 Apr 2014)");
script_cve_id("CVE-2014-0411", "CVE-2013-5878", "CVE-2013-5907", "CVE-2014-0373",
"CVE-2014-0422", "CVE-2014-0428", "CVE-2013-5884", "CVE-2014-0368",
"CVE-2013-5896", "CVE-2013-5910", "CVE-2014-0376", "CVE-2014-0416",
"CVE-2014-0423");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Ubuntu Update for openjdk-6 USN-2124-2");
tag_insight = "USN-2124-1 fixed vulnerabilities in OpenJDK 6. Due to an
upstream regression, memory was not properly zeroed under certain circumstances
which could lead to instability. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. An attacker could exploit this to expose
sensitive data over the network. (CVE-2014-0411)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2013-5878, CVE-2013-5907, CVE-2014-0373, CVE-2014-0422,
CVE-2014-0428)
Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2013-5884, CVE-2014-0368)
Two vulnerabilities were discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of service.
(CVE-2013-5896, CVE-2013-5910)
Two vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2014-0376, CVE-2014-0416)
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and availability. An attacker could exploit this to expose
sensitive data over the network or cause a denial of service.
(CVE-2014-0423)
In addition to the above, USN-2033-1 fixed several vulnerabilities and bugs
in OpenJDK 6. This update introduced a regression which caused an exception
condition in javax.xml when instantiating encryption algorithms. This
update fixes the problem. We apologize for the inconvenience.";
tag_affected = "openjdk-6 on Ubuntu 12.04 LTS ,
Ubuntu 10.04 LTS";
tag_solution = "Please Install the Updated Packages.";
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name: "USN", value: "2124-2");
script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-2124-2/");
script_summary("Check for the Version of openjdk-6");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
exit(0);
}
include("pkg-lib-deb.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "UBUNTU12.04 LTS")
{
if ((res = isdpkgvuln(pkg:"icedtea-6-jre-cacao", ver:"6b30-1.13.1-1ubuntu2~0.12.04.3", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"icedtea-6-jre-jamvm", ver:"6b30-1.13.1-1ubuntu2~0.12.04.3", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"openjdk-6-jre", ver:"6b30-1.13.1-1ubuntu2~0.12.04.3", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"openjdk-6-jre-headless", ver:"6b30-1.13.1-1ubuntu2~0.12.04.3", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"openjdk-6-jre-lib", ver:"6b30-1.13.1-1ubuntu2~0.12.04.3", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"openjdk-6-jre-zero", ver:"6b30-1.13.1-1ubuntu2~0.12.04.3", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU10.04 LTS")
{
if ((res = isdpkgvuln(pkg:"icedtea-6-jre-cacao", ver:"6b30-1.13.1-1ubuntu2~0.10.04.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"openjdk-6-jre", ver:"6b30-1.13.1-1ubuntu2~0.10.04.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"openjdk-6-jre-headless", ver:"6b30-1.13.1-1ubuntu2~0.10.04.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"openjdk-6-jre-lib", ver:"6b30-1.13.1-1ubuntu2~0.10.04.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"openjdk-6-jre-zero", ver:"6b30-1.13.1-1ubuntu2~0.10.04.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo