CentOS Update for java CESA-2014:0097 centos6

CentOS Update for java CESA-2014:0097 centos6. Update for OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit

Reporter	Title	Published	Views	Family All 460
IBM Security Bulletins	Security Bulletin: Java vulnerability issue on IBM Storwize V7000 Unified system (CVE-2014-0411)	18 Jun 201800:08	–	ibm
IBM Security Bulletins	How to download interim fixes to patch IBM JRE CVEs	17 Jun 201814:48	–	ibm
IBM Security Bulletins	Security Bulletin: Rational License Key Server Administration and Reporting Tool vulnerability (CVE-2014-0411)	17 Jun 201804:52	–	ibm
IBM Security Bulletins	Security Bulletin: Information regarding security vulnerability in IBM SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU January 2014	15 Jun 201806:59	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in IBM Content Classification (CVE-2013-5879, CVE-2014-0411)	17 Jun 201811:42	–	ibm
IBM Security Bulletins	Security Bulletin: Java vulnerability issue on IBM SONAS (CVE-2014-0411)	18 Jun 201800:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Content Collector for SAP Applications affected by vulnerabilities in IBM SDK Java™ Technology Edition, Version 6 and Version 7 (CVE-2014-3566, CVE-2014-4244, CVE-2014-4263, CVE-2014-6457, CVE-2014-6468)	17 Jun 201812:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in IBM JRE (Multiple CVEs)	17 Jun 201814:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities exist in the current IBM SDK for Java used in IBM System Networking Switch Center (CVE-2014-0411 & CVE-2014-0460)	8 Jul 201916:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server January 2014 CPU	15 Jun 201806:59	–	ibm

Source	Link
lists	www.lists.centos.org/pipermail/centos-announce/2014-January/020120.html

###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for java CESA-2014:0097 centos6 
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");

if(description)
{
  script_id(881865);
  script_version("$Revision: 6656 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $");
  script_tag(name:"creation_date", value:"2014-01-30 10:43:46 +0530 (Thu, 30 Jan 2014)");
  script_cve_id("CVE-2013-5878", "CVE-2013-5884", "CVE-2013-5896", "CVE-2013-5907",
                "CVE-2013-5910", "CVE-2014-0368", "CVE-2014-0373", "CVE-2014-0376",
                "CVE-2014-0411", "CVE-2014-0416", "CVE-2014-0422", "CVE-2014-0423",
                "CVE-2014-0428");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_name("CentOS Update for java CESA-2014:0097 centos6 ");

  tag_insight = "These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Java Software Development Kit.

An input validation flaw was discovered in the font layout engine in the 2D
component. A specially crafted font file could trigger a Java Virtual
Machine memory corruption when processed. An untrusted Java application or
applet could possibly use this flaw to bypass Java sandbox restrictions.
(CVE-2013-5907)

Multiple improper permission check issues were discovered in the CORBA and
JNDI components in OpenJDK. An untrusted Java application or applet could
use these flaws to bypass Java sandbox restrictions. (CVE-2014-0428,
CVE-2014-0422)

Multiple improper permission check issues were discovered in the
Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2014-0373, CVE-2013-5878,
CVE-2013-5910, CVE-2013-5896, CVE-2013-5884, CVE-2014-0416, CVE-2014-0376,
CVE-2014-0368)

It was discovered that the Beans component did not restrict processing of
XML external entities. This flaw could cause a Java application using Beans
to leak sensitive information, or affect application availability.
(CVE-2014-0423)

It was discovered that the JSSE component could leak timing information
during the TLS/SSL handshake. This could possibly lead to a disclosure of
information about the used encryption keys. (CVE-2014-0411)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
";

  tag_affected = "java on CentOS 6";

  tag_solution = "Please Install the Updated Packages.";


  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name: "CESA", value: "2014:0097");
  script_xref(name: "URL" , value: "http://lists.centos.org/pipermail/centos-announce/2014-January/020120.html");
  script_summary("Check for the Version of java");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "CentOS6")
{

  if ((res = isrpmvuln(pkg:"java-1.6.0-openjdk", rpm:"java-1.6.0-openjdk~1.6.0.0~3.1.13.1.el6_5", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"java-1.6.0-openjdk-demo", rpm:"java-1.6.0-openjdk-demo~1.6.0.0~3.1.13.1.el6_5", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"java-1.6.0-openjdk-devel", rpm:"java-1.6.0-openjdk-devel~1.6.0.0~3.1.13.1.el6_5", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"java-1.6.0-openjdk-javadoc", rpm:"java-1.6.0-openjdk-javadoc~1.6.0.0~3.1.13.1.el6_5", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"java-1.6.0-openjdk-src", rpm:"java-1.6.0-openjdk-src~1.6.0.0~3.1.13.1.el6_5", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

10 Jul 2017 00:00Current

0.1Low risk

Vulners AI Score0.1

EPSS0.16596